We all know the obvious URL scanners and URL meta scanners (URL Void, VT).
Scanned this URL against two lesser-known URL scanners and give the results accordingly:
Scanned malware URL = htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar
because of flag at http://safeweb.norton.com/report/show?name=thetanrad.cz.cc
First the Chanret URL Scanner results:
Checking: htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar
Engine version: 5.0.2.3300
Total virus-finding records: 2033787
File size: 8959 bytes
File MD5: 95305911a94e1e76bec0cc5cd65fe7f5
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar - archive ZIP
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/META-INF/MANIFEST.MF - Ok
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/olig/arel.class - Ok
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/olig/arena.class - Ok
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/olig/arep.class - Ok
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/olig/aret.class - Ok
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/manty/rova.class infected with Java.Downloader.224
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/manty/zimbie.class - Ok
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/manty/ronozi.class - Ok
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/manty/peleza.class - Ok
Now the results of the DrWeb online URL scanner:
Checking: hxtp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar INFECTED
Engine version: 5.0.2.3300
Total virus-finding records: 2033787
File size: 8959 bytes
File MD5: 95305911a94e1e76bec0cc5cd65fe7f5
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar - archive ZIP
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/META-INF/MANIFEST.MF - Ok
hxtp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/olig/arel.class - Ok
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/olig/arena.class - Ok
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/olig/arep.class - Ok
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/olig/aret.class - Ok
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/manty/rova.class infected with Java.Downloader.224
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/manty/zimbie.class - Ok
hxtp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/manty/ronozi.class - Ok
htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar/manty/peleza.class - Ok
Now the URL Void link scanner: htxp://thetanrad.cz.cc/fgdtshjdkyfhxtgstre.jar
File Hash 95305911a94e1e76bec0cc5cd65fe7f5
File Name fgdtshjdkyfhxtgstre-jar
Antivirus       Updated      Engine         Result
AVG             29/04/2011   10.0.0.1190    -
Avira AntiVir   29/04/2011   7.11.7.12      Java/Exdoer.BB.2
ClamAV          29/04/2011   0.97           -
Emsisoft        29/04/2011   5.1.0.2        Trojan.Agent-EH!IK
TrendMicro      29/04/2011   9.200.0.1012   -
Zoner           29/04/2011   0.2            -
Nothing detected here:
http://wepawet.iseclab.org/view.php?hash=495cc4a9ddeb8e234b22fc6867c9433b&t=1304092272&type=js
My question: what is htxp://urlscan.chanret.com/ actually scanning other than with DrWeb’s engine?
polonus