Virustotal Uploader


Post by Freyja, Sat 23 Jan 2010 - 14:11

I have already talked a bit about www.virustotal.com and their tool for uploading files to be scanned.

Previously, you could only upload from the right-click context menu on a file:

[Screenshot: Vtu2-3]

The new version (2.0) lets you upload up to 5 files at once, within a 20 MB limit, send a running process straight from memory, and there is an MD5 pre-check.

[Screenshot: virustotal-uploader-2]

Download VirusTotal Uploader

Source: http://www.raymond.cc/blog/archives/2009/12/14/virustotal-uploader-2-0-supports-uploading-up-to-five-20mb-files/

But here is what it looks like live on an infected file:

[Screenshot: 2010-01-23_135703]

[Screenshot: 2010-01-23_135731]

Result before re-scan: http://www.virustotal.com/analisis/c75231956bc71730faf5497c2e49934c943676eb85a9f00b6e1ca0d026ad8ec6-1264249803
File IMG78764_88.JPG-www.myspace.com.e received on 2010.01.21 17:52:34 (UTC)
Antivirus | Version | Last Update | Result
a-squared | 4.5.0.50 | 2010.01.21 | -
AhnLab-V3 | 5.0.0.2 | 2010.01.21 | -
AntiVir | 7.9.1.146 | 2010.01.21 | TR/Dropper.Gen
Antiy-AVL | 2.0.3.7 | 2010.01.21 | -
Authentium | 5.2.0.5 | 2010.01.21 | -
Avast | 4.8.1351.0 | 2010.01.21 | -
AVG | 9.0.0.730 | 2010.01.21 | -
BitDefender | 7.2 | 2010.01.21 | GenPack:Generic.Malware.SYBd!dldsp.BB50AEFB
CAT-QuickHeal | 10.00 | 2010.01.21 | -
ClamAV | 0.94.1 | 2010.01.21 | -
Comodo | 3659 | 2010.01.21 | -
DrWeb | 5.0.1.12222 | 2010.01.21 | BackDoor.IRC.Sdbot
eSafe | 7.0.17.0 | 2010.01.20 | -
eTrust-Vet | 35.2.7250 | 2010.01.21 | -
F-Prot | 4.5.1.85 | 2010.01.20 | -
F-Secure | 9.0.15370.0 | 2010.01.21 | GenPack:Generic.Malware.SYBd!dldsp.BB50AEFB
Fortinet | 4.0.14.0 | 2010.01.21 | -
GData | 19 | 2010.01.21 | GenPack:Generic.Malware.SYBd!dldsp.BB50AEFB
Ikarus | T3.1.1.80.0 | 2010.01.21 | -
Jiangmin | 13.0.900 | 2010.01.21 | -
K7AntiVirus | 7.10.951 | 2010.01.20 | -
Kaspersky | 7.0.0.125 | 2010.01.21 | -
McAfee | 5867 | 2010.01.20 | -
McAfee+Artemis | 5867 | 2010.01.20 | -
McAfee-GW-Edition | 6.8.5 | 2010.01.21 | Trojan.Dropper.Gen
Microsoft | 1.5302 | 2010.01.21 | VirTool:Win32/CeeInject.gen!A
NOD32 | 4791 | 2010.01.20 | -
Norman | 6.04.03 | 2010.01.20 | -
nProtect | 2009.1.8.0 | 2010.01.21 | Trojan/W32.Agent.178688.AM
Panda | 10.0.2.2 | 2010.01.21 | -
PCTools | 7.0.3.5 | 2010.01.21 | -
Prevx | 3.0 | 2010.01.21 | -
Rising | 22.31.03.04 | 2010.01.21 | -
Sophos | 4.50.0 | 2010.01.21 | -
Sunbelt | 3.2.1858.2 | 2010.01.21 | -
Symantec | 20091.2.0.41 | 2010.01.21 | -
TheHacker | 6.5.0.8.157 | 2010.01.21 | -
TrendMicro | 9.120.0.1004 | 2010.01.21 | -
VBA32 | 3.12.12.1 | 2010.01.20 | -
ViRobot | 2010.1.21.2148 | 2010.01.21 | -
VirusBuster | 5.0.21.0 | 2010.01.20 | -
Additional information
File size: 178688 bytes
MD5 : 89cee2f81926c78f5b5ecbdb855b86e1
SHA1 : d3fec77aa85cd1848365ddc702a826eabec891dd
SHA256: c75231956bc71730faf5497c2e49934c943676eb85a9f00b6e1ca0d026ad8ec6
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x645C
timedatestamp.....: 0x480251CD (Sun Apr 13 20:32:45 2008)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x99C8 0x9A00 6.58 fd7744c26c2bf4d279968be94b283b11
.data 0xB000 0x1BE4 0x400 4.25 99858e86526942a66950c7139f78a725
.rsrc 0xD000 0x216BC 0x21800 7.38 c6cc0739038b473d67f0f4f81bd3cc99

( 6 imports )

> advapi32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> comctl32.dll: -
> gdi32.dll: GetDeviceCaps
> kernel32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, lstrlenA, GetModuleFileNameA, GetSystemDirectoryA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, lstrcpyA, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, FreeResource, GetProcAddress, LoadResource, SizeofResource, FindResourceA, lstrcatA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, LockResource
> user32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> version.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
TrID : File type identification
Win64 Executable Generic (63.0%)
Win32 Executable MS Visual C++ (generic) (27.7%)
Win32 Executable Generic (6.2%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
ssdeep: 3072:HGu9BlfzWIbXWm+w0J15rG0P3+wOWM49cExNJ6s6OOsIcgY/5oEQ:H/0uo3G0PCz49cEpjOsIcjRm
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=C80123880092EC2ABA7E02DEB3FDF3002DED42E6
PEiD : -
packers (F-Prot): CAB
RDS : NSRL Reference Data Set
-

We don't really know which virus it is, but it is clearly a virus; we only get generic detections, and only 8 detections.

In the meantime (between the day before yesterday and today) I uploaded the infected file for analysis through the malekal site.

So, we re-upload the file + re-scan:

[Screenshot: 2010-01-23_135853]

[Screenshot: 2010-01-23_135905]

[Screenshot: 2010-01-23_135929]

[Screenshot: 2010-01-23_135940]

[Screenshot: 2010-01-23_140005]

After re-scan:

File IMG78764_88.JPG-www.myspace.com.e received on 2010.01.23 12:59:42 (UTC)
Antivirus | Version | Last Update | Result
a-squared | 4.5.0.50 | 2010.01.23 | Virus.Win32.CeeInject!IK
AhnLab-V3 | 5.0.0.2 | 2010.01.23 | -
AntiVir | 7.9.1.146 | 2010.01.22 | TR/Dropper.Gen
Antiy-AVL | 2.0.3.7 | 2010.01.22 | -
Authentium | 5.2.0.5 | 2010.01.23 | -
Avast | 4.8.1351.0 | 2010.01.22 | -
AVG | 9.0.0.730 | 2010.01.23 | IRC/BackDoor.SdBot4.PQF.dropper
BitDefender | 7.2 | 2010.01.23 | GenPack:Generic.Malware.SYBd!dldsp.BB50AEFB
CAT-QuickHeal | 10.00 | 2010.01.22 | -
ClamAV | 0.94.1 | 2010.01.22 | -
Comodo | 3681 | 2010.01.23 | -
DrWeb | 5.0.1.12222 | 2010.01.23 | BackDoor.IRC.Sdbot
eSafe | 7.0.17.0 | 2010.01.21 | -
eTrust-Vet | 35.2.7255 | 2010.01.22 | -
F-Prot | 4.5.1.85 | 2010.01.22 | -
F-Secure | 9.0.15370.0 | 2010.01.23 | GenPack:Generic.Malware.SYBd!dldsp.BB50AEFB
Fortinet | 4.0.14.0 | 2010.01.23 | W32/Buzus.CZZO!tr
GData | 19 | 2010.01.23 | GenPack:Generic.Malware.SYBd!dldsp.BB50AEFB
Ikarus | T3.1.1.80.0 | 2010.01.23 | Virus.Win32.CeeInject
Jiangmin | 13.0.900 | 2010.01.23 | Trojan/Buzus.zit
K7AntiVirus | 7.10.952 | 2010.01.22 | -
Kaspersky | 7.0.0.125 | 2010.01.23 | Trojan.Win32.Buzus.czzo
McAfee | 5869 | 2010.01.22 | -
McAfee+Artemis | 5869 | 2010.01.22 | Artemis!89CEE2F81926
McAfee-GW-Edition | 6.8.5 | 2010.01.23 | Trojan.Dropper.Gen
Microsoft | 1.5405 | 2010.01.23 | VirTool:Win32/CeeInject.gen!A
NOD32 | 4799 | 2010.01.23 | -
Norman | 6.04.03 | 2010.01.23 | -
nProtect | 2009.1.8.0 | 2010.01.23 | Trojan/W32.Agent.178688.AM
Panda | 10.0.2.2 | 2010.01.22 | Suspicious file
PCTools | 7.0.3.5 | 2010.01.23 | -
Prevx | 3.0 | 2010.01.23 | High Risk Cloaked Malware
Rising | 22.31.04.04 | 2010.01.22 | Trojan.Win32.Generic.51F7F60A
Sophos | 4.50.0 | 2010.01.23 | Mal/Generic-A
Sunbelt | 3.2.1858.2 | 2010.01.23 | Trojan.Win32.Generic!SB.0
Symantec | 20091.2.0.41 | 2010.01.23 | -
TheHacker | 6.5.0.9.160 | 2010.01.23 | -
TrendMicro | 9.120.0.1004 | 2010.01.23 | -
VBA32 | 3.12.12.1 | 2010.01.21 | -
ViRobot | 2010.1.23.2152 | 2010.01.23 | -
VirusBuster | 5.0.21.0 | 2010.01.22 | -
Additional information
File size: 178688 bytes
MD5...: 89cee2f81926c78f5b5ecbdb855b86e1
SHA1..: d3fec77aa85cd1848365ddc702a826eabec891dd
SHA256: c75231956bc71730faf5497c2e49934c943676eb85a9f00b6e1ca0d026ad8ec6
ssdeep: 3072:HGu9BlfzWIbXWm+w0J15rG0P3+wOWM49cExNJ6s6OOsIcgY/5oEQ:H/0uo3G0PCz49cEpjOsIcjRm
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x645c
timedatestamp.....: 0x480251cd (Sun Apr 13 18:32:45 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x99c8 0x9a00 6.58 fd7744c26c2bf4d279968be94b283b11
.data 0xb000 0x1be4 0x400 4.25 99858e86526942a66950c7139f78a725
.rsrc 0xd000 0x216bc 0x21800 7.38 c6cc0739038b473d67f0f4f81bd3cc99

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, lstrlenA, GetModuleFileNameA, GetSystemDirectoryA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, lstrcpyA, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, FreeResource, GetProcAddress, LoadResource, SizeofResource, FindResourceA, lstrcatA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, LockResource
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
RDS...: NSRL Reference Data Set
-
packers (F-Prot): CAB
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Win32 Cabinet Self-Extractor
original name: WEXTRACT.EXE
internal name: Wextract
file version.: 6.00.2900.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
http://info.prevx.com/aboutprogramtext.asp?PX5=C80123880092EC2ABA7E02DEB3FDF3002DED42E6
trid..: Win64 Executable Generic (63.0%)
Win32 Executable MS Visual C++ (generic) (27.7%)
Win32 Executable Generic (6.2%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)

PS: if anyone is interested, I wrote a script under Linux that uploads a file from Linux to www.virustotal.com and displays the results.
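As an added example (not Freyja's Linux script, and nothing shipped by VirusTotal), here is a short Python parser for the flattened result lines pasted above, where engine, version, date and verdict run together, which then diffs the two scans to list the engines that only flag the file after the re-scan. The sample lines are a subset copied from the two reports in this post; the SPECIAL_ENGINES tuple is an assumption drawn from the engine names that appear there.

```python
import re

# Each pasted line runs engine name, signature version, signature date
# (YYYY.MM.DD) and verdict together with no separator; the date is the only
# fixed-shape field, so each line is split around it.
TAIL = r"(?P<version>[A-Za-z]?[0-9][0-9.]*?)(?P<date>\d{4}\.\d{2}\.\d{2})(?P<result>.*)$"
GENERIC_RE = re.compile(r"^(?P<engine>[A-Za-z][A-Za-z+\-]*)" + TAIL)
# Names ending in a digit, or versions starting with a letter, defeat the
# regex; these are the cases that occur in the two reports above (assumed list).
SPECIAL_ENGINES = ("AhnLab-V3", "NOD32", "VBA32", "Ikarus")

def parse_line(line):
    """Return (engine, version, date, result) for one flattened result line."""
    line = line.strip()
    for name in SPECIAL_ENGINES:
        if line.startswith(name):
            m = re.match("^" + TAIL, line[len(name):])
            if m:
                return name, m["version"], m["date"], m["result"]
    m = GENERIC_RE.match(line)
    if not m:
        raise ValueError("unparseable result line: %r" % line)
    return m["engine"], m["version"], m["date"], m["result"]

def parse_report(text):
    """Map engine -> verdict; '-' means the engine did not flag the file."""
    return {e: r for e, _v, _d, r in map(parse_line, text.strip().splitlines())}

def detections(report):
    return {e: r for e, r in report.items() if r != "-"}

def newly_detected(before, after):
    """Engines that flag the file after the re-scan but not before it."""
    seen = detections(before)
    return {e: r for e, r in sorted(detections(after).items()) if e not in seen}

# Constructed sample: a few lines copied from the two reports in this post.
BEFORE = """a-squared4.5.0.502010.01.21-
AhnLab-V35.0.0.22010.01.21-
AntiVir7.9.1.1462010.01.21TR/Dropper.Gen
AVG9.0.0.7302010.01.21-
IkarusT3.1.1.80.02010.01.21-
NOD3247912010.01.20-"""
AFTER = """a-squared4.5.0.502010.01.23Virus.Win32.CeeInject!IK
AhnLab-V35.0.0.22010.01.23-
AntiVir7.9.1.1462010.01.22TR/Dropper.Gen
AVG9.0.0.7302010.01.23IRC/BackDoor.SdBot4.PQF.dropper
IkarusT3.1.1.80.02010.01.23Virus.Win32.CeeInject
NOD3247992010.01.23-"""
```

Running `newly_detected(parse_report(BEFORE), parse_report(AFTER))` on the sample gives the three engines (a-squared, AVG, Ikarus) that went from "-" to a verdict between the two scans.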

Re: Virustotal Uploader

Post by Freyja, Fri 27 Jul 2012 - 17:09

The new version of VirusTotal includes information about the virus's behaviour: http://www.malekal.com/2012/07/23/virustotal-behavioural-information/

Re: Virustotal Uploader

Post by Remuald, Fri 27 Jul 2012 - 17:51

cool :D

Re: Virustotal Uploader

Post by pmgamer, Wed 1 Aug 2012 - 20:08

Thanks