VirSCAN

1, You can upload any file, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 32
Behavior list
Basic Information
MD5: caa768d6f7face39dce4f32b5a4c66bc
File type: ELF32
Production company:
Version:
Shell or compiler information:
Key behavior
Behavior description: Self-deletion
Details: self delete detected, PATH=/tmp/bin/****.elf
Process behavior
Behavior description: Loads a new program
Details: execve: /tmp/bin/****.elf
Behavior description: Process exit
Details: procexit status=0
Behavior description: clone system call
Details: clone: nil (PID=2056)
clone: nil (PID=2057)
clone: nil (PID=2058)
File behavior
Behavior description: Modifies files
Details: write: path=/lib/libudev4.so, size=4096
write: path=/lib/libudev4.so, size=5
write: path=/usr/bin/efkbhjkrwx, size=4096
write: path=/usr/bin/efkbhjkrwx, size=5
write: path=/usr/bin/efkbhjkrwx, size=11
Behavior description: Reads files
Details: read: path=/tmp/bin/****.elf, size=4096
read: path=/tmp/bin/****.elf, size=5
read: path=/tmp/bin/****.elf, size=0
Behavior description: Self-deletion
Details: self delete detected, PATH=/tmp/bin/****.elf
Behavior description: Opens files
Details: open: path=/dev/null, flags=O_RDWR, mode=0
open: path=/tmp/bin/****.elf, flags=O_RDONLY, mode=0
open: path=/lib/libudev4.so, flags=O_CREAT|O_WRONLY, mode=0
open: path=/usr/bin/efkbhjkrwx, flags=O_CREAT|O_WRONLY, mode=0
open: path=/usr/bin/efkbhjkrwx, flags=O_WRONLY, mode=0
Network behavior
Behavior description: Sends/receives UDP packets
Behavior description: Sends/receives TCP packets
Behavior description: Sends DNS requests