VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 83
Behavior list
Basic Information
MD5: af0b0febd2ca7cad0964710f3fc22bec
File type: ELF64
Vendor:
Version:
Packer or compiler information:
Process behavior
Behavior description: load a new program (execve)
details: execve: guestsession --session-id=4 --session-proto=2 --user root
execve: /tmp/bin/****.elf
execve:
execve: -c /tmp/tmpnam_Onaild upgrade >/dev/null 2>&1; rm /tmp/tmpnam_Onaild >/dev/null 2>&1
execve: upgrade
execve: -c which ss 1>/dev/null 2>&1
execve: -c which ss
execve: -c which netstat 1>/dev/null 2>&1
execve: -c which netstat
Behavior description: process exit
details: procexit status=0
Behavior description: clone system call
details: clone: nil (PID=2027)
clone: nil (PID=2028)
clone: nil (PID=2029)
clone: nil (PID=2030)
clone: nil (PID=2034)
clone: nil (PID=2035)
clone: nil (PID=2037)
clone: nil (PID=2039)
clone: nil (PID=2042)
clone: nil (PID=2043)
clone: nil (PID=2044)
clone: nil (PID=2045)
clone: nil (PID=2046)
clone: nil (PID=2047)
clone: nil (PID=2048)
File behavior
Behavior description: modify file
details: write: path=/dev/null, size=155
write: path=/dev/null, size=43
write: path=/dev/null, size=56
write: path=/dev/null, size=82
write: path=/dev/null, size=186
write: path=/dev/null, size=57
write: path=/dev/null, size=58
write: path=/dev/null, size=53
write: path=/dev/null, size=41
writev: path=/tmp/tmpnam_Onaild, size=1223753
write: path=/dev/null, size=8
write: path=/dev/null, size=13
write: path=/bin/wipefs, size=65536
Behavior description: read file
details: read: path=/lib/x86_64-linux-gnu/libcrypt.so.1, size=832
read: path=/lib/x86_64-linux-gnu/libdl.so.2, size=832
read: path=/lib/x86_64-linux-gnu/libpthread.so.0, size=832
read: path=/lib/x86_64-linux-gnu/librt.so.1, size=832
read: path=/lib/x86_64-linux-gnu/libc.so.6, size=832
read: path=/lib/x86_64-linux-gnu/libgcc_s.so.1, size=832
read: path=/lib/x86_64-linux-gnu/libselinux.so.1, size=832
read: path=/lib/x86_64-linux-gnu/libacl.so.1, size=832
read: path=/lib/x86_64-linux-gnu/libattr.so.1, size=832
read: path=/lib/x86_64-linux-gnu/libpcre.so.3, size=832
read: path=/usr/bin/which, size=946
read: path=/proc/filesystems, size=347
read: path=/proc/filesystems, size=0
read: path=/tmp/bin/****.elf, size=65536
Behavior description: open file
details: open: path=/etc/ld.so.cache, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libcrypt.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libdl.so.2, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libpthread.so.0, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/librt.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libc.so.6, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache, flags=O_RDONLY, mode=0
open: path=/dev/vboxuser, flags=O_RDWR, mode=0
open: path=/dev/null, flags=O_WRONLY, mode=0
open: path=/lib/x86_64-linux-gnu/libgcc_s.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/etc/resolv.conf, flags=O_TRUNC|O_CREAT|O_WRONLY, mode=0
open: path=/tmp/tmpnam_Onaild, flags=O_TRUNC|O_CREAT|O_WRONLY, mode=0
open: path=/dev/null, flags=O_TRUNC|O_CREAT|O_WRONLY, mode=0
open: path=/lib/x86_64-linux-gnu/libselinux.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libacl.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
Network behavior
Behavior description: create socket
details: socket: domain=1(AF_LOCAL) type=1 proto=0
Behavior description: send/receive UDP packets
details: 127.0.0.1 -> 127.0.0.1 DNS 77 Standard query 0x967a A s3.wio2lo1n3.pw
192.168.0.** -> 208.67.222.222 DNS 84 Standard query 0x1156 A xmr.pool.minergate.com
208.67.222.222 -> 192.168.0.** DNS 100 Standard query response 0x1156 A xmr.pool.minergate.com A **.133.40.**
114.114.114.114 -> 192.168.0.** DNS 100 Standard query response 0x1156 A xmr.pool.minergate.com A **.133.40.**
192.168.0.** -> 208.67.222.222 DNS 77 Standard query 0x33ec A s3.wio2lo1n3.pw
208.67.222.222 -> 192.168.0.** DNS 93 Standard query response 0x33ec A s3.wio2lo1n3.pw A **.133.40.**
114.114.114.114 -> 192.168.0.** DNS 93 Standard query response 0x33ec A s3.wio2lo1n3.pw A **.133.40.**
192.168.0.** -> 208.67.222.222 DNS 77 Standard query 0xce7e A s3.wio2lo1n3.pw
208.67.222.222 -> 192.168.0.** DNS 93 Standard query response 0xce7e A s3.wio2lo1n3.pw A **.133.40.**
114.114.114.114 -> 192.168.0.** DNS 93 Standard query response 0xce7e A s3.wio2lo1n3.pw A **.133.40.**
192.168.0.** -> 208.67.222.222 DNS 84 Standard query 0x9604 A xmr.pool.minergate.com
208.67.222.222 -> 192.168.0.** DNS 100 Standard query response 0x9604 A xmr.pool.minergate.com A **.133.40.**
114.114.114.114 -> 192.168.0.** DNS 100 Standard query response 0x9604 A xmr.pool.minergate.com A **.133.40.**
192.168.0.** -> 208.67.222.222 DNS 77 Standard query 0x9239 A s3.wio2lo1n3.pw
208.67.222.222 -> 192.168.0.** DNS 93 Standard query response 0x9239 A s3.wio2lo1n3.pw A **.133.40.**
Behavior description: send/receive TCP packets
details: 192.168.0.** -> 163.17.30.212 TCP 76 45506 → 8525 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294952113 TSecr=0 WS=128
163.17.30.212 -> 192.168.0.** TCP 56 8525 → 45506 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> 163.17.30.212 TCP 76 50490 → 1488 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294952114 TSecr=0 WS=128
113.59.33.59 -> 192.168.0.** TCP 56 1488 → 50490 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> 163.17.30.212 TCP 76 39013 → 4545 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294952115 TSecr=0 WS=128
58.99.32.135 -> 192.168.0.** TCP 56 4545 → 39013 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> 163.17.30.212 TCP 76 60376 → 3142 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294952116 TSecr=0 WS=128
125.211.202.186 -> 192.168.0.** TCP 56 3142 → 60376 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> 163.17.30.212 TCP 76 60916 → 2258 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294952117 TSecr=0 WS=128
222.43.116.233 -> 192.168.0.** TCP 56 2258 → 60916 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> 163.17.30.212 TCP 76 54562 → 7635 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294952119 TSecr=0 WS=128
221.204.214.158 -> 192.168.0.** TCP 56 7635 → 54562 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> 163.17.30.212 TCP 76 36779 → 8434 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294952119 TSecr=0 WS=128
218.211.90.199 -> 192.168.0.** TCP 56 8434 → 36779 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> 163.17.30.212 TCP 76 51015 → 8635 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294952119 TSecr=0 WS=128
Behavior description: DNS responses received
details: 208.67.222.222 -> 192.168.0.** DNS 100 Standard query response 0x1156 A xmr.pool.minergate.com A **.133.40.**
114.114.114.114 -> 192.168.0.** DNS 100 Standard query response 0x1156 A xmr.pool.minergate.com A **.133.40.**
208.67.222.222 -> 192.168.0.** DNS 93 Standard query response 0x33ec A s3.wio2lo1n3.pw A **.133.40.**
114.114.114.114 -> 192.168.0.** DNS 93 Standard query response 0x33ec A s3.wio2lo1n3.pw A **.133.40.**
208.67.222.222 -> 192.168.0.** DNS 93 Standard query response 0xce7e A s3.wio2lo1n3.pw A **.133.40.**
114.114.114.114 -> 192.168.0.** DNS 93 Standard query response 0xce7e A s3.wio2lo1n3.pw A **.133.40.**
208.67.222.222 -> 192.168.0.** DNS 100 Standard query response 0x9604 A xmr.pool.minergate.com A **.133.40.**
114.114.114.114 -> 192.168.0.** DNS 100 Standard query response 0x9604 A xmr.pool.minergate.com A **.133.40.**
208.67.222.222 -> 192.168.0.** DNS 93 Standard query response 0x9239 A s3.wio2lo1n3.pw A **.133.40.**
114.114.114.114 -> 192.168.0.** DNS 93 Standard query response 0x9239 A s3.wio2lo1n3.pw A **.133.40.**
208.67.222.222 -> 192.168.0.** DNS 93 Standard query response 0xdb56 A s3.wio2lo1n3.pw A **.133.40.**
114.114.114.114 -> 192.168.0.** DNS 93 Standard query response 0xdb56 A s3.wio2lo1n3.pw A **.133.40.**
208.67.222.222 -> 192.168.0.** DNS 93 Standard query response 0xc05c A s3.wio2lo1n3.pw A **.133.40.**
114.114.114.114 -> 192.168.0.** DNS 93 Standard query response 0xc05c A s3.wio2lo1n3.pw A **.133.40.**
208.67.222.222 -> 192.168.0.** DNS 93 Standard query response 0x69f7 A s3.wio2lo1n3.pw A **.133.40.**
Behavior description: DNS requests sent
details: 127.0.0.1 -> 127.0.0.1 DNS 77 Standard query 0x967a A s3.wio2lo1n3.pw
192.168.0.** -> 208.67.222.222 DNS 84 Standard query 0x1156 A xmr.pool.minergate.com
192.168.0.** -> 208.67.222.222 DNS 77 Standard query 0x33ec A s3.wio2lo1n3.pw
192.168.0.** -> 208.67.222.222 DNS 77 Standard query 0xce7e A s3.wio2lo1n3.pw
192.168.0.** -> 208.67.222.222 DNS 84 Standard query 0x9604 A xmr.pool.minergate.com
192.168.0.** -> 208.67.222.222 DNS 77 Standard query 0x9239 A s3.wio2lo1n3.pw
192.168.0.** -> 208.67.222.222 DNS 77 Standard query 0xdb56 A s3.wio2lo1n3.pw
192.168.0.** -> 208.67.222.222 DNS 77 Standard query 0xc05c A s3.wio2lo1n3.pw
192.168.0.** -> 208.67.222.222 DNS 77 Standard query 0x69f7 A s3.wio2lo1n3.pw
192.168.0.** -> 208.67.222.222 DNS 77 Standard query 0xda16 A s3.wio2lo1n3.pw
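The behavior list above is a flat log, and the verdict has to be read out of the correlations between its lines: a 1.2 MB file written to /tmp/tmpnam_Onaild and then handed to a shell with "upgrade", a 64 KB write to /bin/wipefs, /etc/resolv.conf opened with O_TRUNC, an A lookup for xmr.pool.minergate.com, and a run of SYNs to unrelated ports on 163.17.30.212 that only ever get RST/ACK back. The following Python is an added example, not VirSCAN's code, that parses a handful of lines copied from this report (constructed sample, with the report's masked octets kept as "**") and raises those five findings. The scratch and system directory lists, the pool-name fragments, and the three-port scan threshold are assumptions chosen for illustration, not values taken from the report.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the sandbox report, "details:" prefix
# dropped, masked octets ("**") left exactly as the report shows them.
SAMPLE_REPORT = """\
execve: /tmp/bin/****.elf
execve: -c /tmp/tmpnam_Onaild upgrade >/dev/null 2>&1; rm /tmp/tmpnam_Onaild >/dev/null 2>&1
writev: path=/tmp/tmpnam_Onaild, size=1223753
write: path=/bin/wipefs, size=65536
read: path=/tmp/bin/****.elf, size=65536
open: path=/etc/resolv.conf, flags=O_TRUNC|O_CREAT|O_WRONLY, mode=0
open: path=/tmp/tmpnam_Onaild, flags=O_TRUNC|O_CREAT|O_WRONLY, mode=0
192.168.0.** -> 208.67.222.222 DNS 84 Standard query 0x1156 A xmr.pool.minergate.com
208.67.222.222 -> 192.168.0.** DNS 100 Standard query response 0x1156 A xmr.pool.minergate.com A **.133.40.**
192.168.0.** -> 208.67.222.222 DNS 77 Standard query 0x33ec A s3.wio2lo1n3.pw
192.168.0.** -> 163.17.30.212 TCP 76 45506 → 8525 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294952113 TSecr=0 WS=128
163.17.30.212 -> 192.168.0.** TCP 56 8525 → 45506 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> 163.17.30.212 TCP 76 50490 → 1488 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294952114 TSecr=0 WS=128
192.168.0.** -> 163.17.30.212 TCP 76 39013 → 4545 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294952115 TSecr=0 WS=128
"""

# Assumed tuning (not taken from the report): staging dirs for dropped payloads,
# dirs that hold system binaries, mining-pool name fragments, scan threshold.
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/lib/", "/usr/lib/")
POOL_KEYWORDS = ("minergate", "pool.", "xmr.")
SCAN_PORT_THRESHOLD = 3

SYSCALL_RE = re.compile(r"^(?P<call>\w+):\s*(?P<rest>.*)$")
PATH_RE = re.compile(r"path=(?P<path>[^,\s]+)")
FLAGS_RE = re.compile(r"flags=(?P<flags>[A-Z_|]+)")
DNS_QUERY_RE = re.compile(r"DNS \d+ Standard query 0x[0-9a-f]+ A (?P<name>\S+)$")
TCP_RE = re.compile(
    r"^(?P<src>\S+) -> (?P<dst>\S+) TCP \d+ (?P<sport>\d+) → (?P<dport>\d+) \[(?P<flags>[^\]]+)\]"
)


def analyze(report: str) -> dict:
    """Correlate syscall and packet-summary lines into a dict of findings."""
    written = set()          # paths the sample created, truncated or wrote
    execd = []               # every execve argument string, in order
    syn_ports = defaultdict(set)   # dst host -> distinct ports probed with a bare SYN
    synack_from = set()      # hosts that answered with SYN/ACK (real connections)
    findings = {
        "dropped_and_executed": [],
        "system_binary_written": [],
        "config_truncated": [],
        "mining_pool_dns": [],
        "syn_scan_targets": [],
    }

    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("details:"):
            line = line[len("details:"):].strip()

        sm = SYSCALL_RE.match(line)
        if sm:
            call, rest = sm.group("call"), sm.group("rest")
            pm = PATH_RE.search(rest)
            path = pm.group("path") if pm else None
            fm = FLAGS_RE.search(rest)
            flags = set(fm.group("flags").split("|")) if fm else set()
            if call == "execve":
                execd.append(rest)
            elif call in ("write", "writev", "pwrite") and path:
                written.add(path)
                if path.startswith(SYSTEM_DIRS) and path not in findings["system_binary_written"]:
                    findings["system_binary_written"].append(path)
            elif call == "open" and path:
                if flags & {"O_CREAT", "O_TRUNC"}:
                    written.add(path)
                if "O_TRUNC" in flags and path.startswith("/etc/"):
                    findings["config_truncated"].append(path)
            continue

        dm = DNS_QUERY_RE.search(line)
        if dm:
            name = dm.group("name").lower()
            if any(k in name for k in POOL_KEYWORDS) and name not in findings["mining_pool_dns"]:
                findings["mining_pool_dns"].append(name)
            continue

        tm = TCP_RE.match(line)
        if tm:
            flags = {f.strip() for f in tm.group("flags").split(",")}
            if flags == {"SYN"}:
                syn_ports[tm.group("dst")].add(int(tm.group("dport")))
            elif flags == {"SYN", "ACK"}:
                synack_from.add(tm.group("src"))

    # A file this sample wrote into a scratch dir and later passed to execve
    # (here via "sh -c /tmp/... upgrade") is a dropped second stage.
    for path in sorted(written):
        if path.startswith(SCRATCH_DIRS) and any(path in argv for argv in execd):
            findings["dropped_and_executed"].append(path)

    # Many distinct ports SYN'd on one host with no SYN/ACK back looks like a scan.
    for dst, ports in syn_ports.items():
        if len(ports) >= SCAN_PORT_THRESHOLD and dst not in synack_from:
            findings["syn_scan_targets"].append((dst, sorted(ports)))

    return findings


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the sample this prints one hit per category. The sample binary itself (/tmp/bin/****.elf) is read and executed but never written, so it is correctly not reported as a dropped stage; only /tmp/tmpnam_Onaild, which the sample both created and then ran, is. The scan rule keys on the absence of SYN/ACK rather than on the RST/ACK replies, because in this report the RSTs arrive from several different source addresses and would be unreliable to pair with the probes.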
Translated by Keith Miller, United States
China Anti Network-Virus Alliance (中国反网络病毒联盟)