VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating: 82
Behavior list
Basic information
MD5: 3fa9e98178063f3454bcaf65e355f913
File type: ELF32
Production company:
Version:
Shell or compiler information:
Process behavior
Behavior description: Load a new program
Details: execve: /tmp/bin/****.elf
Behavior description: Create a process with fork
Details: fork ret=2396, args=[]
fork ret=2397, args=[]
fork ret=2400, args=[]
fork ret=2402, args=[]
fork ret=2424, args=[]
fork ret=2425, args=[]
Behavior description: Get own process ID
Details: getpid ret=2398, args=[]
getpid ret=2397, args=[]
getpid ret=2399, args=[]
getpid ret=2401, args=[]
getpid ret=2423, args=[]
Behavior description: Execute a command
Details: system ret=0, args=["ulimit-n2048"]
Behavior description: Send a signal (commonly used to kill a process)
Details: kill ret=0, args=[1397,0]
File behavior
Behavior description: Read a directory
Details: readdir ret=0x80d5024, args=[0x80d5008]
readdir ret=0x80d5048, args=[0x80d5008]
readdir ret=0x80d5058, args=[0x80d5008]
readdir ret=0x80d5068, args=[0x80d5008]
readdir ret=0x80d5080, args=[0x80d5008]
readdir ret=0x80d5094, args=[0x80d5008]
readdir ret=0x80d50a8, args=[0x80d5008]
readdir ret=0x80d50d0, args=[0x80d5008]
readdir ret=0x80d50e8, args=[0x80d5008]
readdir ret=0x80d5104, args=[0x80d5008]
readdir ret=0x80d512c, args=[0x80d5008]
readdir ret=0, args=[0x80d5008]
readdir ret=0x80d5038, args=[0x80d5008]
readdir ret=0x80d5064, args=[0x80d5008]
readdir ret=0x80d5074, args=[0x80d5008]
Behavior description: Read a file
Details: read: path=/lib/i386-linux-gnu/libpthread.so.0, size=512
read: path=/usr/lib/i386-linux-gnu/libstdc++.so.6, size=512
read: path=/lib/i386-linux-gnu/libm.so.6, size=512
read: path=/lib/i386-linux-gnu/libgcc_s.so.1, size=512
read: path=/lib/i386-linux-gnu/libc.so.6, size=512
Behavior description: Open a file
Details: open: path=/etc/ld.so.cache, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/i386-linux-gnu/libpthread.so.0, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/usr/lib/i386-linux-gnu/libstdc++.so.6, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/i386-linux-gnu/libm.so.6, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/i386-linux-gnu/libgcc_s.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/i386-linux-gnu/libc.so.6, flags=O_RDONLY|O_CLOEXEC, mode=0
Network behavior
Behavior description: Send and receive UDP packets
Details: 192.168.0.** -> 8.8.8.8 DNS 75 Standard query 0x3f4f A wok.kt521.com
8.8.8.8 -> 192.168.0.** DNS 91 Standard query response 0x3f4f A **.133.40.**
192.168.0.** -> 8.8.8.8 DNS 75 Standard query 0xa130 A wok.kt521.com
8.8.8.8 -> 192.168.0.** DNS 91 Standard query response 0xa130 A **.133.40.**
Behavior description: Send and receive TCP packets
Details: 192.168.0.** -> **.133.40.** TCP 76 40965 > 5555 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=11047 TSecr=0 WS=4
**.133.40.** -> 192.168.0.** TCP 56 5555 > 40965 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> **.133.40.** TCP 76 40966 > 5555 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=12301 TSecr=0 WS=4
**.133.40.** -> 192.168.0.** TCP 56 5555 > 40966 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Behavior description: DNS request response
Details: 8.8.8.8 -> 192.168.0.** DNS 91 Standard query response 0x3f4f A **.133.40.**
8.8.8.8 -> 192.168.0.** DNS 91 Standard query response 0xa130 A **.133.40.**
Behavior description: Resolve a host address by name
Details: gethostbyname ret=0xf7e539a0, args=["wok.kt521.com"]
Behavior description: Send a DNS request
Details: 192.168.0.** -> 8.8.8.8 DNS 75 Standard query 0x3f4f A wok.kt521.com
192.168.0.** -> 8.8.8.8 DNS 75 Standard query 0xa130 A wok.kt521.com
Other behavior
Behavior description: Formatted console output
Details: printf ret=37, args=["curProcessName:%s\n","/tmp/bin/****.elf"]
printf ret=16, args=["mumaSize:%d\n",60761]
printf ret=20, args=["%sisdir.\n","/tmp/EB93A6"]
printf ret=30, args=["%sisdir.\n","/tmp/ssh-6WcUo5nZl2Yd"]
printf ret=30, args=["%sisdir.\n","/tmp/ssh-uiXeJydJVKmm"]
printf ret=22, args=["%sisdir.\n","/root/metrics"]
printf ret=19, args=["%sisdir.\n","/root/test"]
printf ret=22, args=["%sisdir.\n","/root/dynamic"]
printf ret=19, args=["%sisdir.\n","/root/base"]
printf ret=18, args=["%sisdir.\n","/root/log"]
printf ret=19, args=["%sisdir.\n","/root/util"]
printf ret=18, args=["%sisdir.\n","/root/bin"]
printf ret=21, args=["%sisdir.\n","/root/static"]
printf ret=17, args=["it->ifr_name:%s\n","lo"]
printf ret=19, args=["it->ifr_name:%s\n","eth0"]
Behavior description: Console string output
Details: puts ret=22, args=["/tmp/bin/****.elf\n"]
puts ret=8, args=["1.1.1.1"]
puts ret=17, args=["connnectserver."]
puts ret=40, args=["remnuxpts/0Sep2305:"...]
Run screenshot
Translated by Keith Miller, United States