VirSCAN

1, You can UPLOAD any files, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.


File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5: 99dd48584152704db970a7b536c47bd5
File size: 5.58 MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
Copyright:

Process behavior

Behavior description: Load new program
details: execve: /tmp/bin/****.elf
execve:
execve: -c ln -s /etc/init.d/DbSecuritySpt /etc/rc1.d/S97DbSecuritySpt
execve: -c ln -s /etc/init.d/DbSecuritySpt /etc/rc2.d/S97DbSecuritySpt
execve: -c ln -s /etc/init.d/DbSecuritySpt /etc/rc3.d/S97DbSecuritySpt
execve: -c ln -s /etc/init.d/DbSecuritySpt /etc/rc4.d/S97DbSecuritySpt
execve: -c ln -s /etc/init.d/DbSecuritySpt /etc/rc5.d/S97DbSecuritySpt
execve: -c mkdir -p /usr/bin/bsd-port
execve: -c cp -f /tmp/bin/****.elf /usr/bin/bsd-port/getty
execve: -c /usr/bin/bsd-port/getty
Behavior description: Process exit
details: procexit status=0
Behavior description: clone system call
details: clone: nil (PID=2400)
clone: nil (PID=2417)
clone: nil (PID=2418)
clone: nil (PID=2419)
clone: nil (PID=2420)
clone: nil (PID=2421)
clone: nil (PID=2422)
clone: nil (PID=2423)
clone: nil (PID=2424)
clone: nil (PID=2425)
clone: nil (PID=2426)
clone: nil (PID=2431)
clone: nil (PID=2432)
clone: nil (PID=2433)
clone: nil (PID=2434)

File behavior

Behavior description: Modify file
details: write: path=/tmp/gates.lod, size=4
write: path=/etc/init.d/DbSecuritySpt, size=33
write: path=/usr/bin/bsd-port/getty, size=65536
write: path=/usr/bin/bsd-port/getty, size=43475
Behavior description: Read file
details: read: path=/lib/x86_64-linux-gnu/libc.so.6, size=832
read: path=/lib/x86_64-linux-gnu/libselinux.so.1, size=832
read: path=/lib/x86_64-linux-gnu/libpcre.so.3, size=832
read: path=/lib/x86_64-linux-gnu/libdl.so.2, size=832
read: path=/proc/filesystems, size=347
read: path=/proc/filesystems, size=0
read: path=/lib/x86_64-linux-gnu/libacl.so.1, size=832
read: path=/lib/x86_64-linux-gnu/libattr.so.1, size=832
read: path=/tmp/bin/****.elf, size=65536
read: path=/tmp/bin/****.elf, size=43475
read: path=/tmp/bin/****.elf, size=0
Behavior description: Open file
details: open: path=/dev/null, flags=O_RDWR, mode=0
open: path=/tmp/gates.lod, flags=O_EXCL|O_CREAT|O_RDONLY, mode=0
open: path=/tmp/gates.lod, flags=O_RDWR, mode=0
open: path=/etc/init.d/DbSecuritySpt, flags=O_TRUNC|O_CREAT|O_RDWR, mode=0
open: path=/etc/ld.so.cache, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libc.so.6, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libselinux.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libpcre.so.3, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libdl.so.2, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/proc/filesystems, flags=O_RDONLY, mode=0
open: path=/lib/x86_64-linux-gnu/libacl.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libattr.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/tmp/bin/****.elf, flags=O_RDONLY, mode=0
open: path=/usr/bin/bsd-port/getty, flags=O_EXCL|O_CREAT|O_WRONLY, mode=0

Network behavior

Behavior description: Send/receive UDP packets
details: 192.168.0.** -> 8.8.8.8 DNS 82 Standard query 0x51f3 A tyrantlinux.wicp.net
8.8.8.8 -> 192.168.0.** DNS 98 Standard query response 0x51f3 A **.133.40.**
Behavior description: Send/receive TCP packets
details: 192.168.0.** -> **.133.40.** TCP 76 43145 > 57139 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=13412 TSecr=0 WS=128
**.133.40.** -> 192.168.0.** TCP 56 57139 > 43145 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> **.133.40.** TCP 76 43146 > 57139 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=13412 TSecr=0 WS=128
**.133.40.** -> 192.168.0.** TCP 56 57139 > 43146 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> **.133.40.** TCP 76 43147 > 57139 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=13412 TSecr=0 WS=128
**.133.40.** -> 192.168.0.** TCP 56 57139 > 43147 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> **.133.40.** TCP 76 43148 > 57139 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=13412 TSecr=0 WS=128
**.133.40.** -> 192.168.0.** TCP 56 57139 > 43148 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> **.133.40.** TCP 76 43149 > 57139 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=13412 TSecr=0 WS=128
**.133.40.** -> 192.168.0.** TCP 56 57139 > 43149 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> **.133.40.** TCP 76 43150 > 57139 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=13412 TSecr=0 WS=128
**.133.40.** -> 192.168.0.** TCP 56 57139 > 43150 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> **.133.40.** TCP 76 43151 > 57139 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=13412 TSecr=0 WS=128
**.133.40.** -> 192.168.0.** TCP 56 57139 > 43151 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> **.133.40.** TCP 76 43152 > 57139 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=13412 TSecr=0 WS=128
Behavior description: DNS query response
details: 8.8.8.8 -> 192.168.0.** DNS 98 Standard query response 0x51f3 A **.133.40.**
Behavior description: Send DNS request
details: 192.168.0.** -> 8.8.8.8 DNS 82 Standard query 0x51f3 A tyrantlinux.wicp.net