Virustotal Uploader
I have already talked a bit about www.virustotal.com and their tool for uploading files to be tested.
Previously, you could only upload by right-clicking a file:
The new version (2.0) lets you upload up to 5 files at once, within a 20 MB limit, send a running process directly from memory, and there is an MD5 pre-check.
Download VirusTotal Uploader
Source: http://www.raymond.cc/blog/archives/2009/12/14/virustotal-uploader-2-0-supports-uploading-up-to-five-20mb-files/
But here is what it gives live on an infected file:
Result before re-scan: http://www.virustotal.com/analisis/c75231956bc71730faf5497c2e49934c943676eb85a9f00b6e1ca0d026ad8ec6-1264249803
File IMG78764_88.JPG-www.myspace.com.e received on 2010.01.21 17:52:34 (UTC)
Antivirus | Version | Last Update | Result |
a-squared | 4.5.0.50 | 2010.01.21 | - |
AhnLab-V3 | 5.0.0.2 | 2010.01.21 | - |
AntiVir | 7.9.1.146 | 2010.01.21 | TR/Dropper.Gen |
Antiy-AVL | 2.0.3.7 | 2010.01.21 | - |
Authentium | 5.2.0.5 | 2010.01.21 | - |
Avast | 4.8.1351.0 | 2010.01.21 | - |
AVG | 9.0.0.730 | 2010.01.21 | - |
BitDefender | 7.2 | 2010.01.21 | GenPack:Generic.Malware.SYBd!dldsp.BB50AEFB |
CAT-QuickHeal | 10.00 | 2010.01.21 | - |
ClamAV | 0.94.1 | 2010.01.21 | - |
Comodo | 3659 | 2010.01.21 | - |
DrWeb | 5.0.1.12222 | 2010.01.21 | BackDoor.IRC.Sdbot |
eSafe | 7.0.17.0 | 2010.01.20 | - |
eTrust-Vet | 35.2.7250 | 2010.01.21 | - |
F-Prot | 4.5.1.85 | 2010.01.20 | - |
F-Secure | 9.0.15370.0 | 2010.01.21 | GenPack:Generic.Malware.SYBd!dldsp.BB50AEFB |
Fortinet | 4.0.14.0 | 2010.01.21 | - |
GData | 19 | 2010.01.21 | GenPack:Generic.Malware.SYBd!dldsp.BB50AEFB |
Ikarus | T3.1.1.80.0 | 2010.01.21 | - |
Jiangmin | 13.0.900 | 2010.01.21 | - |
K7AntiVirus | 7.10.951 | 2010.01.20 | - |
Kaspersky | 7.0.0.125 | 2010.01.21 | - |
McAfee | 5867 | 2010.01.20 | - |
McAfee+Artemis | 5867 | 2010.01.20 | - |
McAfee-GW-Edition | 6.8.5 | 2010.01.21 | Trojan.Dropper.Gen |
Microsoft | 1.5302 | 2010.01.21 | VirTool:Win32/CeeInject.gen!A |
NOD32 | 4791 | 2010.01.20 | - |
Norman | 6.04.03 | 2010.01.20 | - |
nProtect | 2009.1.8.0 | 2010.01.21 | Trojan/W32.Agent.178688.AM |
Panda | 10.0.2.2 | 2010.01.21 | - |
PCTools | 7.0.3.5 | 2010.01.21 | - |
Prevx | 3.0 | 2010.01.21 | - |
Rising | 22.31.03.04 | 2010.01.21 | - |
Sophos | 4.50.0 | 2010.01.21 | - |
Sunbelt | 3.2.1858.2 | 2010.01.21 | - |
Symantec | 20091.2.0.41 | 2010.01.21 | - |
TheHacker | 6.5.0.8.157 | 2010.01.21 | - |
TrendMicro | 9.120.0.1004 | 2010.01.21 | - |
VBA32 | 3.12.12.1 | 2010.01.20 | - |
ViRobot | 2010.1.21.2148 | 2010.01.21 | - |
VirusBuster | 5.0.21.0 | 2010.01.20 | - |
Additional information
File size: 178688 bytes
MD5: 89cee2f81926c78f5b5ecbdb855b86e1
SHA1: d3fec77aa85cd1848365ddc702a826eabec891dd
SHA256: c75231956bc71730faf5497c2e49934c943676eb85a9f00b6e1ca0d026ad8ec6
TrID: File type identification: Win64 Executable Generic (63.0%), Win32 Executable MS Visual C++ (generic) (27.7%), Win32 Executable Generic (6.2%), Generic Win/DOS Executable (1.4%), DOS Executable Generic (1.4%)
ssdeep: 3072:HGu9BlfzWIbXWm+w0J15rG0P3+wOWM49cExNJ6s6OOsIcgY/5oEQ:H/0uo3G0PCz49cEpjOsIcjRm
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=C80123880092EC2ABA7E02DEB3FDF3002DED42E6
PEiD: -
packers (F-Prot): CAB
RDS: NSRL Reference Data Set -
We don't really know which virus it is, but it is clearly a virus: there are only generic detections, and only 8 detections.
In the meantime (between the day before yesterday and today) I uploaded the infected file for analysis through the malekal site.
So, we re-upload the file + Re-scan:
After rescan:
File IMG78764_88.JPG-www.myspace.com.e received on 2010.01.23 12:59:42 (UTC)
Antivirus | Version | Last Update | Result |
a-squared | 4.5.0.50 | 2010.01.23 | Virus.Win32.CeeInject!IK |
AhnLab-V3 | 5.0.0.2 | 2010.01.23 | - |
AntiVir | 7.9.1.146 | 2010.01.22 | TR/Dropper.Gen |
Antiy-AVL | 2.0.3.7 | 2010.01.22 | - |
Authentium | 5.2.0.5 | 2010.01.23 | - |
Avast | 4.8.1351.0 | 2010.01.22 | - |
AVG | 9.0.0.730 | 2010.01.23 | IRC/BackDoor.SdBot4.PQF.dropper |
BitDefender | 7.2 | 2010.01.23 | GenPack:Generic.Malware.SYBd!dldsp.BB50AEFB |
CAT-QuickHeal | 10.00 | 2010.01.22 | - |
ClamAV | 0.94.1 | 2010.01.22 | - |
Comodo | 3681 | 2010.01.23 | - |
DrWeb | 5.0.1.12222 | 2010.01.23 | BackDoor.IRC.Sdbot |
eSafe | 7.0.17.0 | 2010.01.21 | - |
eTrust-Vet | 35.2.7255 | 2010.01.22 | - |
F-Prot | 4.5.1.85 | 2010.01.22 | - |
F-Secure | 9.0.15370.0 | 2010.01.23 | GenPack:Generic.Malware.SYBd!dldsp.BB50AEFB |
Fortinet | 4.0.14.0 | 2010.01.23 | W32/Buzus.CZZO!tr |
GData | 19 | 2010.01.23 | GenPack:Generic.Malware.SYBd!dldsp.BB50AEFB |
Ikarus | T3.1.1.80.0 | 2010.01.23 | Virus.Win32.CeeInject |
Jiangmin | 13.0.900 | 2010.01.23 | Trojan/Buzus.zit |
K7AntiVirus | 7.10.952 | 2010.01.22 | - |
Kaspersky | 7.0.0.125 | 2010.01.23 | Trojan.Win32.Buzus.czzo |
McAfee | 5869 | 2010.01.22 | - |
McAfee+Artemis | 5869 | 2010.01.22 | Artemis!89CEE2F81926 |
McAfee-GW-Edition | 6.8.5 | 2010.01.23 | Trojan.Dropper.Gen |
Microsoft | 1.5405 | 2010.01.23 | VirTool:Win32/CeeInject.gen!A |
NOD32 | 4799 | 2010.01.23 | - |
Norman | 6.04.03 | 2010.01.23 | - |
nProtect | 2009.1.8.0 | 2010.01.23 | Trojan/W32.Agent.178688.AM |
Panda | 10.0.2.2 | 2010.01.22 | Suspicious file |
PCTools | 7.0.3.5 | 2010.01.23 | - |
Prevx | 3.0 | 2010.01.23 | High Risk Cloaked Malware |
Rising | 22.31.04.04 | 2010.01.22 | Trojan.Win32.Generic.51F7F60A |
Sophos | 4.50.0 | 2010.01.23 | Mal/Generic-A |
Sunbelt | 3.2.1858.2 | 2010.01.23 | Trojan.Win32.Generic!SB.0 |
Symantec | 20091.2.0.41 | 2010.01.23 | - |
TheHacker | 6.5.0.9.160 | 2010.01.23 | - |
TrendMicro | 9.120.0.1004 | 2010.01.23 | - |
VBA32 | 3.12.12.1 | 2010.01.21 | - |
ViRobot | 2010.1.23.2152 | 2010.01.23 | - |
VirusBuster | 5.0.21.0 | 2010.01.22 | - |
Additional information
File size: 178688 bytes
MD5: 89cee2f81926c78f5b5ecbdb855b86e1
SHA1: d3fec77aa85cd1848365ddc702a826eabec891dd
SHA256: c75231956bc71730faf5497c2e49934c943676eb85a9f00b6e1ca0d026ad8ec6
ssdeep: 3072:HGu9BlfzWIbXWm+w0J15rG0P3+wOWM49cExNJ6s6OOsIcgY/5oEQ:H/0uo3G0PCz49cEpjOsIcjRm
PEiD: -
RDS: NSRL Reference Data Set -
packers (F-Prot): CAB
sigcheck: publisher: Microsoft Corporation; copyright: (c) Microsoft Corporation. All rights reserved.; product: Microsoft_ Windows_ Operating System; description: Win32 Cabinet Self-Extractor; original name: WEXTRACT.EXE; internal name: Wextract; file version: 6.00.2900.5512 (xpsp.080413-2105); comments: n/a; signers: -; signing date: -; verified: Unsigned
pdfid: -
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=C80123880092EC2ABA7E02DEB3FDF3002DED42E6
trid: Win64 Executable Generic (63.0%), Win32 Executable MS Visual C++ (generic) (27.7%), Win32 Executable Generic (6.2%), Generic Win/DOS Executable (1.4%), DOS Executable Generic (1.4%)
PS: if anyone is interested, I made a Linux script that uploads a file from Linux to www.virustotal.com and displays the results.
Freyja- Coadmin
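Counting detections the way the post does (8 engines before the re-scan, many more after) and seeing which engines changed is easier with a small parser for the pipe-delimited result tables. This is an added Python example, not the author's Linux upload script; the sample rows are a constructed subset copied from the two tables above.

```python
# Added example, not code from the original post: parse the VirusTotal result tables
# pasted in this thread and compare the first scan with the re-scan ("-" = no detection).

def parse_vt_table(text):
    """Map engine -> result from rows shaped 'Antivirus | Version | Last Update | Result |'."""
    results = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Antivirus":
            continue  # skip the header row and any non-engine line
        engine, _version, _last_update, result = cells
        results[engine] = result
    return results

def detections(results):
    """Keep only engines that returned a verdict (anything other than '-')."""
    return {e: r for e, r in results.items() if r and r != "-"}

def compare_scans(before_text, after_text):
    """Summarise how detection coverage changed between two scans of the same file."""
    before, after = parse_vt_table(before_text), parse_vt_table(after_text)
    b, a = detections(before), detections(after)
    return {
        "ratio_before": f"{len(b)}/{len(before)}",
        "ratio_after": f"{len(a)}/{len(after)}",
        "new": sorted(a.keys() - b.keys()),      # engines that now detect the file
        "dropped": sorted(b.keys() - a.keys()),  # engines that stopped detecting it
        "renamed": sorted(e for e in a.keys() & b.keys() if a[e] != b[e]),
    }

# Constructed subset of the two tables in the thread (2010.01.21 and 2010.01.23).
SCAN_BEFORE = """\
Antivirus | Version | Last Update | Result |
AntiVir | 7.9.1.146 | 2010.01.21 | TR/Dropper.Gen |
AVG | 9.0.0.730 | 2010.01.21 | - |
Kaspersky | 7.0.0.125 | 2010.01.21 | - |
Microsoft | 1.5302 | 2010.01.21 | VirTool:Win32/CeeInject.gen!A |
Symantec | 20091.2.0.41 | 2010.01.21 | - |
"""
SCAN_AFTER = """\
Antivirus | Version | Last Update | Result |
AntiVir | 7.9.1.146 | 2010.01.22 | TR/Dropper.Gen |
AVG | 9.0.0.730 | 2010.01.23 | IRC/BackDoor.SdBot4.PQF.dropper |
Kaspersky | 7.0.0.125 | 2010.01.23 | Trojan.Win32.Buzus.czzo |
Microsoft | 1.5405 | 2010.01.23 | VirTool:Win32/CeeInject.gen!A |
Symantec | 20091.2.0.41 | 2010.01.23 | - |
"""

if __name__ == "__main__":
    print(compare_scans(SCAN_BEFORE, SCAN_AFTER))
```

Run against the full tables above, the same functions give 8/41 before and 20/41 after the re-scan.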
Re: Virustotal Uploader
The new version of VirusTotal includes information on the virus's behaviour: http://www.malekal.com/2012/07/23/virustotal-behavioural-information/
Freyja- Coadmin
pmgamer- NHFR All Stars