DLL dosyası güvenilir mi?
- Konuyu başlatan UcanMuz
- Başlangıç Tarihi
- Mesaj 12
- Görüntüleme 370
Kaanolovski
Kilopat
- Katılım
- 14 Aralık 2019
- Mesajlar
- 1.879
- Makaleler
- 1
- Çözümler
- 69
Daha fazla
- Cinsiyet
- Diğer
Hiç bir sıkıntı gözükmüyor, problem olduğunu sanmıyorum.
KS
KS
UcanMuz
Decipat
- Katılım
- 1 Temmuz 2022
- Mesajlar
- 2.721
- Çözümler
- 6
Neye dayanarak söylediğinizi öğrenebilir miyim?
Kaanolovski
Kilopat
- Katılım
- 14 Aralık 2019
- Mesajlar
- 1.879
- Makaleler
- 1
- Çözümler
- 69
Daha fazla
- Cinsiyet
- Diğer
VirusTotal çoklu olarak tarama yapar dosyada, hiç bir antivirüs sistemine yakalanmamış herhangi bir tehdit.
KS
KS
UcanMuz
Decipat
- Katılım
- 1 Temmuz 2022
- Mesajlar
- 2.721
- Çözümler
- 6
Sizden istediğim cevap maalesef bu değil.
Behavior gibi inceleme alanları var. Bu sebeple işin ehli arkadaşlar kalıbını kullandım. Yoksa ben de görebiliyorum çoklu tarama yaptığını.
EmirKadirO
Decipat
Daha fazla
- Sistem Özellikleri
- CPU : AMD RADEON R7 240
GPU : İNTEL İ5 3470 3.20 GHZ
ANAKART : INTEL H61
RAM : 16 GB DDR3 (2x8)
SSD : 256 GB
HDD : 320 GB
- Cinsiyet
- Erkek
Zaten düzgün bir anti virüs kullanıyorsanız yetkisiz erişim durumunda engelleyecektir fakat bir problem yok gibi duruyor. BitDefender, Kaspersky, Malwarebytes, ESET. Gibi antivirüsler bir tespit bulamamış.
Turkıye anlasması
Kilopat
- Katılım
- 12 Mayıs 2016
- Mesajlar
- 1.115
- Çözümler
- 4
Filescan.io'ya yükle bende tersine mühendislilk yapan sezgiselimle taratayım.
Neyse dosya.c0'dan buldum.
Matches found in file /home/emirhanucan/İndirilenler/ScsUnitTypeCheckBypass.dll:
Rule File: IceWaterArchived.yar
Rule: n3e9_411f9e99c2469932
Description: No description available
Rule: n3ed_092fb0f929246b16
Description: No description available
Rule: n3ed_09317334d6a67916
Description: No description available
Rule: n3ed_0c89a5a6d2d31912
Description: No description available
Rule: n3ed_0ca3390f1a12f936
Description: No description available
Rule: n3ed_0ca3390f1a139932
Description: No description available
Rule: n3ed_0ca3390f1a13d932
Description: No description available
Rule: n3ed_0ca3390f1a52f131
Description: No description available
Rule: n3ed_0ca3390f3a136932
Description: No description available
Rule: n3ed_0ce3390f3a126b16
Description: No description available
Rule: n3ed_0ce3390f3a126b36
Description: No description available
Rule: n3ed_0ce3390f3a1b4a9a
Description: No description available
Rule: n3ed_0ce3390f3a534aba
Description: No description available
Rule: n3ed_0ce3390f3a53ebb6
Description: No description available
Rule: n3ed_0ce3390f3a5acad2
Description: No description available
Rule: n3ed_119e2169c0800b16
Description: No description available
Rule: n3ed_119eae89c0000b16
Description: No description available
Rule: n3ed_1922e854d6c31912
Description: No description available
Rule: n3ed_239c364bc6220b12
Description: No description available
Rule: n3ed_239c364bc6620b12
Description: No description available
Rule: n3ed_291771a8c2000b32
Description: No description available
Rule: n3ed_39857a1691ab1932
Description: No description available
Rule: n3ed_39857a16dba31932
Description: No description available
Rule: n3ed_39857a46dbd31932
Description: No description available
Rule: n3ed_39857a46dcbb1932
Description: No description available
Rule: n3ed_39857a46ee600932
Description: No description available
Rule: n3ed_39857a46fa231932
Description: No description available
Rule: n3ed_39857a46fe231932
Description: No description available
Rule: n3ed_39857a4edcab0932
Description: No description available
Rule: n3ed_39857a54d6c31932
Description: No description available
Rule: n3ed_39857a56ba231932
Description: No description available
Rule: n3ed_39857a56d6d31932
Description: No description available
Rule: n3ed_39857a56d7a31932
Description: No description available
Rule: n3ed_39857a56d9e31932
Description: No description available
Rule: n3ed_39857a56dda31932
Description: No description available
Rule: n3ed_39857a56ded31932
Description: No description available
Rule: n3ed_39857a56dfa31932
Description: No description available
Rule: n3ed_39857a5ed6d31932
Description: No description available
Rule: n3ed_39857a5edec31932
Description: No description available
Rule: n3ed_39957a12d3d30932
Description: No description available
Rule: n3ed_39957a1aba231932
Description: No description available
Rule: n3ed_39957a1eba231932
Description: No description available
Rule: n3ed_39957a5a56c31932
Description: No description available
Rule: n3ed_39957a5ed6c31932
Description: No description available
Rule File: clamsrch.yar
Rule: padding_used_in_hashing_algorithms__0x80_0_____0___8_byt_64_
Description: No description available
Rule: anti_debug__IsDebuggerPresent__8_byt_STR_17_
Description: No description available
Rule File: QuickSandLiteArchived.yar
Rule: executable_win_pe
Description: No description available
Rule File: VectraThreatLabArchived.yar
Rule: anti_dbg
Description: Checks if being debugged
Rule: win_files_operation
Description: Affect private profile
Rule File: VectraThreatLab_index.yar
Rule: anti_dbg
Description: Checks if being debugged
Rule: win_files_operation
Description: Affect private profile
Rule File: DFIR_Report_index.yar
Rule: cobalt_strike_tmp01925d3f
Description: files - file ~tmp01925d3f.exe
Rule: cobalt_strike_TSE588C
Description: exe - file TSE588C.exe
Rule File: EmersonElectricCo_index.yar
Rule: ft_exe
Description: No description available
Rule File: naxonez_index.yar
Rule: DebuggerCheck__API
Description: No description available
Rule: DebuggerTiming__PerformanceCounter
Description: No description available
Rule: DebuggerException__UnhandledFilter
Description: No description available
Rule: DebuggerPattern__CPUID
Description: No description available
Rule File: pveutin_index.yar
Rule: mz_executable
Description: No description available
Rule File: FlorianRoth2.yar
Rule: IDDQD_Godmode_Rule
Description: This is the most powerful YARA rule. It detects literally everything.
Rule File: 73mp74710n_index.yar
Rule: isExecutable
Description: Yara rule to check for unobfuscated rat created with njrat
Virüslü çıktı sezgiselime göre.
En güçlü YARA kuralı tespit etmiş ve bir sürü kuralın tespiti var. Yanlış pozitif olma ihtimalini düşürüyor. Fakat daha derin analiz lazım. ClamAV sezgiseli ile tarama yaptım ve 70 milyonluk veri tabanımla o ise temiz dedi.
YARA kuralı olmayan sezgiselim temiz dedi. ClamAV temiz dedi. 70 milyon üzeri virüslü veritabanım temiz dedi. Tek Windows sezgiselim kaldı ve onla tarama yapmadım. Muhtemelen o da temiz diyecektir. İçimden bir ses eğer bu virüsse rootkit olabilir diyor yoksa yanlış pozitif gibi görünüyor.
Neyse dosya.c0'dan buldum.
Matches found in file /home/emirhanucan/İndirilenler/ScsUnitTypeCheckBypass.dll:
Rule File: IceWaterArchived.yar
Rule: n3e9_411f9e99c2469932
Description: No description available
Rule: n3ed_092fb0f929246b16
Description: No description available
Rule: n3ed_09317334d6a67916
Description: No description available
Rule: n3ed_0c89a5a6d2d31912
Description: No description available
Rule: n3ed_0ca3390f1a12f936
Description: No description available
Rule: n3ed_0ca3390f1a139932
Description: No description available
Rule: n3ed_0ca3390f1a13d932
Description: No description available
Rule: n3ed_0ca3390f1a52f131
Description: No description available
Rule: n3ed_0ca3390f3a136932
Description: No description available
Rule: n3ed_0ce3390f3a126b16
Description: No description available
Rule: n3ed_0ce3390f3a126b36
Description: No description available
Rule: n3ed_0ce3390f3a1b4a9a
Description: No description available
Rule: n3ed_0ce3390f3a534aba
Description: No description available
Rule: n3ed_0ce3390f3a53ebb6
Description: No description available
Rule: n3ed_0ce3390f3a5acad2
Description: No description available
Rule: n3ed_119e2169c0800b16
Description: No description available
Rule: n3ed_119eae89c0000b16
Description: No description available
Rule: n3ed_1922e854d6c31912
Description: No description available
Rule: n3ed_239c364bc6220b12
Description: No description available
Rule: n3ed_239c364bc6620b12
Description: No description available
Rule: n3ed_291771a8c2000b32
Description: No description available
Rule: n3ed_39857a1691ab1932
Description: No description available
Rule: n3ed_39857a16dba31932
Description: No description available
Rule: n3ed_39857a46dbd31932
Description: No description available
Rule: n3ed_39857a46dcbb1932
Description: No description available
Rule: n3ed_39857a46ee600932
Description: No description available
Rule: n3ed_39857a46fa231932
Description: No description available
Rule: n3ed_39857a46fe231932
Description: No description available
Rule: n3ed_39857a4edcab0932
Description: No description available
Rule: n3ed_39857a54d6c31932
Description: No description available
Rule: n3ed_39857a56ba231932
Description: No description available
Rule: n3ed_39857a56d6d31932
Description: No description available
Rule: n3ed_39857a56d7a31932
Description: No description available
Rule: n3ed_39857a56d9e31932
Description: No description available
Rule: n3ed_39857a56dda31932
Description: No description available
Rule: n3ed_39857a56ded31932
Description: No description available
Rule: n3ed_39857a56dfa31932
Description: No description available
Rule: n3ed_39857a5ed6d31932
Description: No description available
Rule: n3ed_39857a5edec31932
Description: No description available
Rule: n3ed_39957a12d3d30932
Description: No description available
Rule: n3ed_39957a1aba231932
Description: No description available
Rule: n3ed_39957a1eba231932
Description: No description available
Rule: n3ed_39957a5a56c31932
Description: No description available
Rule: n3ed_39957a5ed6c31932
Description: No description available
Rule File: clamsrch.yar
Rule: padding_used_in_hashing_algorithms__0x80_0_____0___8_byt_64_
Description: No description available
Rule: anti_debug__IsDebuggerPresent__8_byt_STR_17_
Description: No description available
Rule File: QuickSandLiteArchived.yar
Rule: executable_win_pe
Description: No description available
Rule File: VectraThreatLabArchived.yar
Rule: anti_dbg
Description: Checks if being debugged
Rule: win_files_operation
Description: Affect private profile
Rule File: VectraThreatLab_index.yar
Rule: anti_dbg
Description: Checks if being debugged
Rule: win_files_operation
Description: Affect private profile
Rule File: DFIR_Report_index.yar
Rule: cobalt_strike_tmp01925d3f
Description: files - file ~tmp01925d3f.exe
Rule: cobalt_strike_TSE588C
Description: exe - file TSE588C.exe
Rule File: EmersonElectricCo_index.yar
Rule: ft_exe
Description: No description available
Rule File: naxonez_index.yar
Rule: DebuggerCheck__API
Description: No description available
Rule: DebuggerTiming__PerformanceCounter
Description: No description available
Rule: DebuggerException__UnhandledFilter
Description: No description available
Rule: DebuggerPattern__CPUID
Description: No description available
Rule File: pveutin_index.yar
Rule: mz_executable
Description: No description available
Rule File: FlorianRoth2.yar
Rule: IDDQD_Godmode_Rule
Description: This is the most powerful YARA rule. It detects literally everything.
Rule File: 73mp74710n_index.yar
Rule: isExecutable
Description: Yara rule to check for unobfuscated rat created with njrat
Virüslü çıktı sezgiselime göre.
En güçlü YARA kuralı tespit etmiş ve bir sürü kuralın tespiti var. Yanlış pozitif olma ihtimalini düşürüyor. Fakat daha derin analiz lazım. ClamAV sezgiseli ile tarama yaptım ve 70 milyonluk veri tabanımla o ise temiz dedi.
YARA kuralı olmayan sezgiselim temiz dedi. ClamAV temiz dedi. 70 milyon üzeri virüslü veritabanım temiz dedi. Tek Windows sezgiselim kaldı ve onla tarama yapmadım. Muhtemelen o da temiz diyecektir. İçimden bir ses eğer bu virüsse rootkit olabilir diyor yoksa yanlış pozitif gibi görünüyor.
Son düzenleme:
KS
KS
UcanMuz
Decipat
- Katılım
- 1 Temmuz 2022
- Mesajlar
- 2.721
- Çözümler
- 6
Teşekkür ederim.
@Turkıye anlasması KVRT ile klasör içinde taradığım zaman root kit bulamadı. Teşekkür ederim yardımlarınız için.
Son düzenleme:
- Katılım
- 28 Ocak 2020
- Mesajlar
- 19.395
- Makaleler
- 52
- Çözümler
- 460
KS
KS
UcanMuz
Decipat
- Katılım
- 1 Temmuz 2022
- Mesajlar
- 2.721
- Çözümler
- 6
