-
Notifications
You must be signed in to change notification settings - Fork 15
/
example_output.txt
148 lines (136 loc) · 5.36 KB
/
example_output.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
(1) SimpleJson installed, VT results but no Cymru or SS results
---------------------------------------------------------------
remnux@remnux:~/Desktop$ python FileLookup.py 8d1243db6fedbebf96cf446e278e5c155e8d57c98f213f5cd5e5629841178037
################################################################################
File: 8d1243db6fedbebf96cf446e278e5c155e8d57c98f213f5cd5e5629841178037
################################################################################
MD5: 6c81e843b52181a05cf5639dc42ddaf3
Sha256: 8d1243db6fedbebf96cf446e278e5c155e8d57c98f213f5cd5e5629841178037
VirusTotal:
Scan Date: Nov 19 2012
Total Engines: 43
Detected: 15
A/V Results:
ClamAV: TrojanDownloader:Java/Agent.J
Kaspersky: None
McAfee: Generic Downloader.x!gm3
Microsoft: TrojanDownloader:Java/Agent.J
Sophos: Troj/JavaDl-SI
Symantec: Trojan.Maljava
Link: https://www.virustotal.com/file/8d1243db6fedbebf96cf446e278e5c155e8d57c98f213f5cd5e5629841178037/analysis/1353343783/
Cymru:
Last Seen: Nov 20 2012
Detected: NO_DATA
ShadowServer A/V: No Match
ShadowServer Known: No Match
------------------------------------------------
(2) SimpleJson installed, VT, Cymru & SS results
------------------------------------------------
remnux@remnux:~/Desktop$ python FileLookup.py 7E3770351AED43FD6C5CAB8E06DC0300_doc
################################################################################
File: 7E3770351AED43FD6C5CAB8E06DC0300_doc
################################################################################
MD5: 7e3770351aed43fd6c5cab8e06dc0300
Sha256: 742db588c3cfa416215619db34e168be58846058f7528adee8358bb8b8b68fe3
VirusTotal:
Scan Date: Oct 21 2012
Total Engines: 44
Detected: 29
A/V Results:
ClamAV: Exploit:SWF/CVE-2012-1535.A
Kaspersky: Exploit.SWF.Agent.gq
McAfee: Exploit-CVE2012-1535
Microsoft: Exploit:SWF/CVE-2012-1535.A
Sophos: Troj/SwfExp-BB
Symantec: Trojan.Mdropper
Link: https://www.virustotal.com/file/742db588c3cfa416215619db34e168be58846058f7528adee8358bb8b8b68fe3/analysis/1350797932/
Cymru:
Last Seen: Aug 16 2012
Detected: 27
ShadowServer A/V:
First Seen: Aug 18 2012
Last Seen: Aug 18 2012
A/V Results:
N/A
ShadowServer Known: No Match
---------------------------------------------------
(3) No SimpleJson installed, VT, Cymru & SS results
---------------------------------------------------
C:\tools\>python FileLookup.py 3770351AED43FD6C5CAB8E06DC0300_doc
################################################################################
File: 7E3770351AED43FD6C5CAB8E06DC0300_doc
################################################################################
MD5: 7e3770351aed43fd6c5cab8e06dc0300
Sha256: 742db588c3cfa416215619db34e168be58846058f7528adee8358bb8b8b68fe3
VirusTotal:
Scan Date: Oct 21 2012
Total Engines: 44
Detected: 29
Cymru:
Last Seen: Aug 16 2012
Detected: 27
ShadowServer A/V:
First Seen: Aug 18 2012
Last Seen: Aug 18 2012
A/V Results:
N/A
ShadowServer Known: No Match
-------------------------------------------------------------
(4) av_mutliscan with out lookup integration of FileLookup
-------------------------------------------------------------
remnux@remnux:~/Desktop$ av_multiscan.py -f file.exe
Scanning: /
################################################################################
File: file.exe
################################################################################
filesize: 91296 bytes
md5: 2d29ce731221bedfebc9f352b7bb7c5d
sha1: 6fd78a30ecff3b7198352cfd0ed6943c64de6bce
sha256: 9f1e0410f3bcc260cbc4bcbd9c9b4c8268181e81b7a1a34973f013cf3cd92800
ssdeep: 1536:6CxUICz7AzOPArbISP7l7VIMRm4Oh+ljTzjLjTzjsjTzj1jTzjDEKQWCqT:f60SPArbDPxqMRbOhGTfXTfATfhTfDEW
clamav: OK
clam_custom: OK
yara: 'suspicious' 'Keylogger' 'shellcode_at_EP'
yara_magic: 'mz_executable'
yara_packer: No Match
officemalscanner: Not an MS Office file
f-prot: No Match
mcafee: No Match
-------------------------------------------------------------
(5) av_mutliscan with online lookup integration of FileLookup
-------------------------------------------------------------
remnux@remnux:~/Desktop$ av_multiscan.py -o -f file.exe
Scanning: /
################################################################################
File: file.exe
################################################################################
filesize: 91296 bytes
md5: 2d29ce731221bedfebc9f352b7bb7c5d
sha1: 6fd78a30ecff3b7198352cfd0ed6943c64de6bce
sha256: 9f1e0410f3bcc260cbc4bcbd9c9b4c8268181e81b7a1a34973f013cf3cd92800
ssdeep: 1536:6CxUICz7AzOPArbISP7l7VIMRm4Oh+ljTzjLjTzjsjTzj1jTzjDEKQWCqT:f60SPArbDPxqMRbOhGTfXTfATfhTfDEW
clamav: OK
clam_custom: OK
yara: 'suspicious' 'Keylogger' 'shellcode_at_EP'
yara_magic: 'mz_executable'
yara_packer: No Match
officemalscanner: Not an MS Office file
f-prot: No Match
mcafee: No Match
ShadowServer AV: No Match
ShadowServer Known: No Match
Cymru:
Last Seen: Dec 28 2012
Detected: NO_DATA
VirusTotal:
Scan Date: Dec 20 2012
Total Engines: 43
Detected: 3
A/V Results:
ClamAV: None
Kaspersky: None
McAfee: None
Microsoft: None
Sophos: None
Symantec: None
Link: https://www.virustotal.com/file/9f1e0410f3bcc260cbc4bcbd9c9b4c8268181e81b7a1a34973f013cf3cd92800/analysis/1356010834/