VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files whose password is 'infected' or 'virus'.


File information
Safety rating: 32
Behavior list
Basic Information
MD5: d218e0dcc5dea14ebdcf9e2884fa29b2
File type: ELF32
Production company:
Version:
Shell or compiler information:
Key behavior
Behavior description: Self-deletion
details:self delete detected, PATH=/tmp/bin/****.elf
Process behavior
Behavior description: Loads a new program
details:execve: /tmp/bin/****.elf
execve:
execve: -c sed -i '//etc/cron.hourly/gcc4.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc4.sh' >> /etc/crontab
execve:
Behavior description: Process exit
details:procexit status=0
Behavior description: clone system call
details:clone: nil (PID=2400)
clone: nil (PID=2401)
clone: nil (PID=2402)
clone: nil (PID=2403)
clone: nil (PID=2404)
clone: nil (PID=2405)
clone: nil (PID=2406)
clone: nil (PID=2407)
clone: nil (PID=2408)
clone: nil (PID=2409)
clone: nil (PID=2410)
clone: nil (PID=2411)
clone: nil (PID=2412)
clone: nil (PID=2413)
clone: nil (PID=2414)
File behavior
Behavior description: Modifies files
details:write: path=/lib/libudev4.so, size=4096
write: path=/lib/libudev4.so, size=5
write: path=/usr/bin/qkjpnfdwyr, size=4096
write: path=/usr/bin/qkjpnfdwyr, size=5
write: path=/usr/bin/qkjpnfdwyr, size=11
write: path=/etc/init.d/qkjpnfdwyr, size=323
write: path=/etc/cron.hourly/gcc4.sh, size=149
write: path=/etc/sedFCEAL0, size=36
write: path=/etc/sedFCEAL0, size=63
write: path=/etc/sedFCEAL0, size=61
write: path=/etc/sedFCEAL0, size=67
write: path=/etc/sedFCEAL0, size=38
write: path=/etc/sedFCEAL0, size=1
write: path=/etc/sedFCEAL0, size=14
write: path=/etc/sedFCEAL0, size=66
Behavior description: Reads files
details:read: path=/tmp/bin/****.elf, size=4096
read: path=/tmp/bin/****.elf, size=5
read: path=/tmp/bin/****.elf, size=0
read: path=/lib/x86_64-linux-gnu/libc.so.6, size=832
read: path=/lib/x86_64-linux-gnu/libselinux.so.1, size=832
read: path=/lib/x86_64-linux-gnu/libpcre.so.3, size=832
read: path=/lib/x86_64-linux-gnu/libdl.so.2, size=832
read: path=/proc/filesystems, size=347
read: path=/proc/filesystems, size=0
read: path=/usr/lib/libperl.so.5.18, size=832
read: path=/lib/x86_64-linux-gnu/libm.so.6, size=832
read: path=/lib/x86_64-linux-gnu/libpthread.so.0, size=832
read: path=/lib/x86_64-linux-gnu/libcrypt.so.1, size=832
read: path=/etc/crontab, size=722
read: path=/etc/crontab, size=0
Behavior description: Self-deletion
details:self delete detected, PATH=/tmp/bin/****.elf
Behavior description: Opens files
details:open: path=/dev/null, flags=O_RDWR, mode=0
open: path=/tmp/bin/****.elf, flags=O_RDONLY, mode=0
open: path=/lib/libudev4.so, flags=O_CREAT|O_WRONLY, mode=0
open: path=/usr/bin/qkjpnfdwyr, flags=O_CREAT|O_WRONLY, mode=0
open: path=/usr/bin/qkjpnfdwyr, flags=O_WRONLY, mode=0
open: path=/etc/init.d/qkjpnfdwyr, flags=O_CREAT|O_WRONLY, mode=0
open: path=/etc/cron.hourly/gcc4.sh, flags=O_CREAT|O_WRONLY, mode=0
open: path=/etc/ld.so.cache, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libc.so.6, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libselinux.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libpcre.so.3, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libdl.so.2, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/proc/filesystems, flags=O_RDONLY, mode=0
open: path=/etc/crontab, flags=O_RDONLY, mode=0
open: path=/usr/lib/libperl.so.5.18, flags=O_RDONLY|O_CLOEXEC, mode=0
Network behavior
Behavior description: Creates sockets
details:socket: domain=2(AF_INET) type=1 proto=0
socket: domain=2(AF_INET) type=2 proto=0
Behavior description: DNS query responses
details:103.25.9.228 -> 192.168.0.** DNS 96 Standard query response 0xe681 A **.133.40.**
8.8.8.8 -> 192.168.0.** DNS 96 Standard query response 0x4920 A **.133.40.**
103.25.9.228 -> 192.168.0.** DNS 92 Standard query response 0x105f A **.133.40.**
8.8.8.8 -> 192.168.0.** DNS 92 Standard query response 0x54da A **.133.40.**
103.25.9.228 -> 192.168.0.** DNS 96 Standard query response 0x6012 A **.133.40.**
8.8.8.8 -> 192.168.0.** DNS 96 Standard query response 0x7fdf A **.133.40.**
103.25.9.228 -> 192.168.0.** DNS 92 Standard query response 0xbf5f A **.133.40.**
8.8.8.8 -> 192.168.0.** DNS 92 Standard query response 0xa277 A **.133.40.**
103.25.9.228 -> 192.168.0.** DNS 96 Standard query response 0x1b72 A **.133.40.**
8.8.8.8 -> 192.168.0.** DNS 96 Standard query response 0xff51 A **.133.40.**
103.25.9.228 -> 192.168.0.** DNS 92 Standard query response 0x88e0 A **.133.40.**
8.8.8.8 -> 192.168.0.** DNS 92 Standard query response 0x7a4a A **.133.40.**
103.25.9.228 -> 192.168.0.** DNS 96 Standard query response 0xdb90 A **.133.40.**
8.8.8.8 -> 192.168.0.** DNS 96 Standard query response 0x839e A **.133.40.**
103.25.9.228 -> 192.168.0.** DNS 92 Standard query response 0xa78a A **.133.40.**
Behavior description: Sends and receives UDP packets
details:192.168.0.** -> 103.25.9.228 DNS 80 Standard query 0xe681 A shaoqian.f3322.org
103.25.9.228 -> 192.168.0.** DNS 96 Standard query response 0xe681 A **.133.40.**
192.168.0.** -> 103.25.9.228 DNS 80 Standard query 0x4920 A shaoqian.f3322.org
8.8.8.8 -> 192.168.0.** DNS 96 Standard query response 0x4920 A **.133.40.**
192.168.0.** -> 103.25.9.228 DNS 76 Standard query 0x105f A gh.dsaj2a1.org
103.25.9.228 -> 192.168.0.** DNS 92 Standard query response 0x105f A **.133.40.**
192.168.0.** -> 103.25.9.228 DNS 76 Standard query 0x54da A gh.dsaj2a1.org
8.8.8.8 -> 192.168.0.** DNS 92 Standard query response 0x54da A **.133.40.**
192.168.0.** -> 103.25.9.228 DNS 80 Standard query 0x6012 A shaoqian.f3322.org
103.25.9.228 -> 192.168.0.** DNS 96 Standard query response 0x6012 A **.133.40.**
192.168.0.** -> 103.25.9.228 DNS 80 Standard query 0x7fdf A shaoqian.f3322.org
8.8.8.8 -> 192.168.0.** DNS 96 Standard query response 0x7fdf A **.133.40.**
192.168.0.** -> 103.25.9.228 DNS 76 Standard query 0xbf5f A gh.dsaj2a1.org
103.25.9.228 -> 192.168.0.** DNS 92 Standard query response 0xbf5f A **.133.40.**
192.168.0.** -> 103.25.9.228 DNS 76 Standard query 0xa277 A gh.dsaj2a1.org
Behavior description: Sends and receives TCP packets
details:192.168.0.** -> 183.60.202.2 TCP 76 47812 > 2444 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=10952 TSecr=0 WS=128
183.60.202.2 -> 192.168.0.** TCP 56 2444 > 47812 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
127.0.0.1 -> 127.0.0.1 TCP 76 53276 > 2444 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=11051 TSecr=0 WS=128
127.0.0.1 -> 127.0.0.1 TCP 56 2444 > 53276 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
127.0.0.1 -> 127.0.0.1 TCP 76 53277 > 2444 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=11058 TSecr=0 WS=128
127.0.0.1 -> 127.0.0.1 TCP 56 2444 > 53277 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> 183.60.202.2 TCP 76 47815 > 2444 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=11058 TSecr=0 WS=128
183.60.202.2 -> 192.168.0.** TCP 56 2444 > 47815 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
127.0.0.1 -> 127.0.0.1 TCP 76 53279 > 2444 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=11066 TSecr=0 WS=128
127.0.0.1 -> 127.0.0.1 TCP 56 2444 > 53279 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
127.0.0.1 -> 127.0.0.1 TCP 76 53280 > 2444 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=11074 TSecr=0 WS=128
127.0.0.1 -> 127.0.0.1 TCP 56 2444 > 53280 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> 183.60.202.2 TCP 76 47818 > 2444 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=11074 TSecr=0 WS=128
183.60.202.2 -> 192.168.0.** TCP 56 2444 > 47818 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
127.0.0.1 -> 127.0.0.1 TCP 76 53282 > 2444 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=11082 TSecr=0 WS=128
Behavior description: connect
details:connect: 192.168.0.**:47812->183.60.202.2:2444
connect: 127.0.0.1:53276->0.0.0.0:2444
connect: 127.0.0.1:53277->0.0.0.0:2444
connect: 192.168.0.**:47815->183.60.202.2:2444
connect: 127.0.0.1:53279->0.0.0.0:2444
connect: 127.0.0.1:53280->0.0.0.0:2444
connect: 192.168.0.**:47818->183.60.202.2:2444
connect: 127.0.0.1:53282->0.0.0.0:2444
connect: 127.0.0.1:53283->0.0.0.0:2444
connect: 192.168.0.**:47821->183.60.202.2:2444
connect: 127.0.0.1:53285->0.0.0.0:2444
connect: 127.0.0.1:53286->0.0.0.0:2444
connect: 192.168.0.**:47824->183.60.202.2:2444
connect: 127.0.0.1:53288->0.0.0.0:2444
connect: 127.0.0.1:53289->0.0.0.0:2444
Behavior description: Sends DNS requests
details:192.168.0.** -> 103.25.9.228 DNS 80 Standard query 0xe681 A shaoqian.f3322.org
192.168.0.** -> 103.25.9.228 DNS 80 Standard query 0x4920 A shaoqian.f3322.org
192.168.0.** -> 103.25.9.228 DNS 76 Standard query 0x105f A gh.dsaj2a1.org
192.168.0.** -> 103.25.9.228 DNS 76 Standard query 0x54da A gh.dsaj2a1.org
192.168.0.** -> 103.25.9.228 DNS 80 Standard query 0x6012 A shaoqian.f3322.org
192.168.0.** -> 103.25.9.228 DNS 80 Standard query 0x7fdf A shaoqian.f3322.org
192.168.0.** -> 103.25.9.228 DNS 76 Standard query 0xbf5f A gh.dsaj2a1.org
192.168.0.** -> 103.25.9.228 DNS 76 Standard query 0xa277 A gh.dsaj2a1.org
192.168.0.** -> 103.25.9.228 DNS 80 Standard query 0x1b72 A shaoqian.f3322.org
192.168.0.** -> 103.25.9.228 DNS 80 Standard query 0xff51 A shaoqian.f3322.org
192.168.0.** -> 103.25.9.228 DNS 76 Standard query 0x88e0 A gh.dsaj2a1.org
192.168.0.** -> 103.25.9.228 DNS 76 Standard query 0x7a4a A gh.dsaj2a1.org
192.168.0.** -> 103.25.9.228 DNS 80 Standard query 0xdb90 A shaoqian.f3322.org
192.168.0.** -> 103.25.9.228 DNS 80 Standard query 0x839e A shaoqian.f3322.org
192.168.0.** -> 103.25.9.228 DNS 76 Standard query 0xa78a A gh.dsaj2a1.org
Run screenshot