View full version: Exclusive ..::Scanning and analysing suspicious files::..



!!BlackStar!!
18-12-2010, 10:07 PM



Today, God willing, we will use websites to scan suspicious files.

The topic is split into 3 parts:

First: scanning on the virus total site

Second: analysing suspicious files using the Threat Expert tool

Third: scanning suspicious files on the anubis site





First
Scanning on the virus total site


The link
VirusTotal (http://www.virustotal.com/)


How to scan

http://www.3asq.net/uploads/cec9559ab8.png

http://www.3asq.net/uploads/a66183b332.png

http://www.3asq.net/uploads/03ca9c1e27.png

http://www.3asq.net/uploads/c64d4a0766.png

http://www.3asq.net/uploads/0299c695fe.png





Scanning links (URLs)

http://www.3asq.net/uploads/120235587d.png

http://www.3asq.net/uploads/cd7a9706de.png

http://www.3asq.net/uploads/9090484846.png

http://www.3asq.net/uploads/ab5efc3c66.png

Why did we pick VirusTotal over the other sites??

1- It scans with 42 antivirus programs, including the strong ones.
2- It forwards the samples to the antivirus vendors.
3- Hackers fear it because it forwards the samples, so the patch (backdoor stub) gets detected after all the effort spent crypting it.
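
Added example, not part of BlackStar's post and not VirusTotal's own code: the check a practitioner does before following the screenshots above. Hashing the file locally and looking the hash up first tells you whether VirusTotal has already seen it, without uploading anything (point 2 and 3 above cut both ways: once you upload, the sample goes to every vendor, which you may not want for an internal or personal file). The second half turns a report into the "hits/engines" ratio the result page shows, and counts only engines that actually scanned the file. Assumptions not on the page: the VirusTotal v3 REST endpoint `GET https://www.virustotal.com/api/v3/files/<sha256>` with the `x-apikey` header, and the `last_analysis_results` layout of its file reports; the sample bytes and the JSON report are constructed for the demo.

```python
"""Hash-first VirusTotal check and verdict summary.

Added example for this thread, not code from the original post or from
VirusTotal. Assumed (not on the page): the VirusTotal v3 REST API
(GET https://www.virustotal.com/api/v3/files/<sha256>, header x-apikey)
and the `last_analysis_results` layout of its file reports. The sample
bytes and the JSON report below are constructed for the demo.
"""
import hashlib
import json
import urllib.request
from typing import Dict, List, Tuple

VT_API = "https://www.virustotal.com/api/v3/files/"
VT_GUI = "https://www.virustotal.com/gui/file/"

# Categories an engine reports when it did not actually scan the file.
NOT_SCANNED = {"type-unsupported", "timeout", "failure", "confirmed-timeout"}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """The three digests a VirusTotal report is keyed on."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through the same three hashes without reading it whole."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def lookup_urls(sha256: str) -> Dict[str, str]:
    """Where to look the hash up. A hash lookup never uploads the file."""
    return {"api": VT_API + sha256, "gui": VT_GUI + sha256}


def fetch_report(sha256: str, api_key: str) -> dict:
    """Live lookup (needs network and an API key); not called by the demo below."""
    req = urllib.request.Request(VT_API + sha256, headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize(report: dict, min_hits: int = 3) -> Tuple[int, int, List[str], str]:
    """Reduce a v3 file report to (hits, engines_that_scanned, flagging_engines, verdict).

    Engines that could not scan the file are excluded from the denominator,
    so "0 of 0" reads as "unknown" rather than "clean".
    """
    results = report["data"]["attributes"]["last_analysis_results"]
    scanned = [n for n, r in results.items() if r.get("category") not in NOT_SCANNED]
    flagged = sorted(n for n, r in results.items()
                     if r.get("category") in ("malicious", "suspicious"))
    if not scanned:
        verdict = "unknown"
    elif len(flagged) >= min_hits:
        verdict = "malicious"
    elif flagged:
        verdict = "suspicious"   # one or two hits: may be heuristics firing on a packer
    else:
        verdict = "clean"        # means "no signature today", not "safe"
    return len(flagged), len(scanned), flagged, verdict


# Constructed report: real engine names, made-up verdicts.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "Kaspersky":  {"category": "malicious", "result": "Backdoor.Generic"},
    "ESET-NOD32": {"category": "malicious", "result": "Win32/Agent variant"},
    "Avast":      {"category": "suspicious", "result": "Malware-gen"},
    "Microsoft":  {"category": "undetected", "result": None},
    "ClamAV":     {"category": "undetected", "result": None},
    "Symantec":   {"category": "type-unsupported", "result": None},
}}}}

if __name__ == "__main__":
    sample = b"MZ\x90\x00constructed sample, not a real binary"   # constructed bytes
    digests = hash_bytes(sample)
    print("sha256:", digests["sha256"])
    print("check first:", lookup_urls(digests["sha256"])["gui"])
    hits, total, engines, verdict = summarize(SAMPLE_REPORT)
    print(f"{hits}/{total} engines flagged it ({', '.join(engines)}): {verdict}")
```

Only upload when the hash is unknown; and read a low hit count on a freshly crypted file as "not yet detected", not as clean, which is exactly why point 3 above matters.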

!!BlackStar!!
18-12-2010, 10:09 PM
Second
Analysing suspicious files using the Threat Expert tool

ThreatExpert Submission Applet
Version 1.0.10.0
Download: here (http://www.threatexpert.com/submit.aspx)

http://www.3asq.net/uploads/3c9a0edc98.png

http://www.3asq.net/uploads/029fcf2561.png

http://www.3asq.net/uploads/7b4af13c73.png

http://www.3asq.net/uploads/1a477c97ad.png

http://www.3asq.net/uploads/b0cc595461.png


After 7-10 minutes
the message (the report e-mail) will arrive

http://www.3asq.net/uploads/cc58210a8d.png

http://www.3asq.net/uploads/8d6fd05d77.png

http://www.3asq.net/uploads/ae0aac77a7.png

http://www.3asq.net/uploads/e3e6a27998.png

http://www.3asq.net/uploads/348a62365a.png

http://www.3asq.net/uploads/cc49d3d72f.png

http://www.3asq.net/uploads/8b66f318c8.png

http://www.3asq.net/uploads/d3cb93dbd9.png

http://www.3asq.net/uploads/0c492de624.png

This is just an example. Sometimes, if it is a hacking patch, the report shows the port number, the no-ip host,
the country flag and so on. Analyse a file you are suspicious of and you will see what I mean.
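
Added example, not part of BlackStar's post and not ThreatExpert's or Anubis's code: what to do with the "port number and no-ip host" the post says the report reveals. A sandbox report lists the hosts the file connected to; a hostname under a free dynamic-DNS provider plus a direct connection on a non-web port is the signature of a RAT "patch" calling home, and the host:port pair is the indicator you then block or search your logs for. The report text below is constructed to look like a network-activity section; it is not either service's real layout, so the regexes are written for this shape and would need adjusting for a real report. The dynamic-DNS suffix list is partial and illustrative; the 198.51.100.0/24 address is a documentation range, not a real C2.

```python
"""Pull network indicators (host, port, dynamic-DNS use) out of a sandbox report.

Added example for this thread, not code from the original post, ThreatExpert
or Anubis. The report text below is constructed; it is not either service's
real report layout. The dynamic-DNS suffix list is partial and illustrative.
"""
import re
from typing import Dict, List

# Free dynamic-DNS providers that RAT builders of the period pointed their
# "patch" at (no-ip and DynDNS families). Illustrative, not exhaustive.
DYNDNS_SUFFIXES = (
    "no-ip.org", "no-ip.biz", "no-ip.info", "zapto.org", "hopto.org",
    "sytes.net", "servehttp.com", "redirectme.net", "ddns.net", "dyndns.org",
)

# Patterns for the constructed report shape used in SAMPLE_REPORT.
HOST_PORT = re.compile(r'host "([^"]+)" on port (\d{1,5})')
IP_PORT = re.compile(r'\b((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})\b')
DNS_ANSWER = re.compile(r'DNS query for (\S+) resolved to ((?:\d{1,3}\.){3}\d{1,3})')
URL_HOST = re.compile(r'https?://([A-Za-z0-9.-]+)')


def is_dyndns(host: str) -> bool:
    """True if the host is a provider domain or a name directly under one."""
    h = host.lower()
    return any(h == s or h.endswith("." + s) for s in DYNDNS_SUFFIXES)


def extract_iocs(report_text: str) -> Dict[str, dict]:
    """Map each contacted host to its ports, resolved IPs and dynamic-DNS flag."""
    hosts: Dict[str, dict] = {}
    ip_ports: Dict[str, set] = {}

    def entry(host: str) -> dict:
        return hosts.setdefault(host.lower(), {"ports": set(), "ips": set()})

    for host, port in HOST_PORT.findall(report_text):
        entry(host)["ports"].add(int(port))
    for host, ip in DNS_ANSWER.findall(report_text):
        entry(host)["ips"].add(ip)
    for host in URL_HOST.findall(report_text):
        entry(host)
    for ip, port in IP_PORT.findall(report_text):
        ip_ports.setdefault(ip, set()).add(int(port))
    # A raw IP:port connection belongs to whichever host resolved to that IP.
    for e in hosts.values():
        for ip in e["ips"]:
            e["ports"] |= ip_ports.get(ip, set())
    return {h: {"ports": sorted(e["ports"]), "ips": sorted(e["ips"]), "dyndns": is_dyndns(h)}
            for h, e in hosts.items()}


def assess(iocs: Dict[str, dict]) -> List[str]:
    """One finding per host that looks like a command-and-control endpoint."""
    findings = []
    for host, e in iocs.items():
        odd_ports = [p for p in e["ports"] if p not in (80, 443)]
        if e["dyndns"] and e["ports"]:
            findings.append(f"{host} ports {e['ports']}: dynamic-DNS host with a direct "
                            "port connection, the classic RAT C2 pattern")
        elif odd_ports:
            findings.append(f"{host} ports {odd_ports}: direct connection on a non-web port")
    return findings


# Constructed sample report section (documentation IP range, made-up host names).
SAMPLE_REPORT = r"""
Network activity:
  Outbound connection to host "hacker123.no-ip.biz" on port 81 (TCP)
  DNS query for hacker123.no-ip.biz resolved to 198.51.100.23
  Outbound connection to 198.51.100.23:81 (TCP)
  HTTP GET http://www.example.com/update.txt
Registry modifications:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run "svchost" = "C:\Windows\svchost.exe"
"""

if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_REPORT)
    for host, e in iocs.items():
        print(host, e)
    for line in assess(iocs):
        print("!", line)
```

The same extraction applies to the Anubis report in Part 3, whose network section lists the same kind of host and port data; only the regexes change with the report layout.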

!!BlackStar!!
18-12-2010, 10:11 PM
Third:
Scanning suspicious files on the anubis site

The link
http://anubis.iseclab.org/

http://www.3asq.net/uploads/eba817a02f.png

http://www.3asq.net/uploads/dff8796b03.png

http://www.3asq.net/uploads/bc46d20bf5.png

http://www.3asq.net/uploads/5c9d243ed6.png

http://www.3asq.net/uploads/0fd582e61a.png

http://www.3asq.net/uploads/fa8f1f7eda.png

http://www.3asq.net/uploads/74e20c26f1.png


Note
1- The lessons are exclusive to msoms, 3asq and Anmeyat.
2- This test was done on a hacking patch; the sites can analyse viruses as well.

Jomoon
19-12-2010, 11:05 PM
Wa alaykum as-salam wa rahmatullahi wa barakatuh...

Thanks for the topic...

May God give you strength...

Pirate king
19-12-2010, 11:15 PM
Slow down a bit on us *_*"
<< meaning several creative topics at once
I mostly use the first method
and recommend it a lot,
especially for compressed files; the site is able to scan them,
because usually when you download a patch or a program and it comes compressed from a dubious site
it turns out to be a malicious program >_>
and I got burned once:
I downloaded a file and opened it, God spare you the sight,
a whole day fighting with the machine XD
after that, any compressed file, I scan it right away with the first method.
Good luck

Jomoon
19-12-2010, 11:26 PM
Don't scare us, so now we have to scan before anything...

God help us...

KoKo2007
21-12-2010, 05:09 AM
Waaay, thanks a lot, honestly...

There's nothing; I do a scan of the whole machine...

Really, thanks for the methods....

Stay well...

Regards....

Pirate king
21-12-2010, 02:49 PM
Quoting KoKo2007:
Waaay, thanks a lot, honestly...

There's nothing; I do a scan of the whole machine...

Really, thanks for the methods....

Stay well...

Regards....

http://www.msoms-anime.net/t143742.html

الجـوهرة
22-12-2010, 10:18 AM
Hello BlackStar, I swear I forgot to reply to this topic, forgive me; I really want to follow along with you, but circumstances are hard these days.

As for the VirusTotal site:

it is one of the best sites. We often run into suspicious files, especially when checking the running processes on the machine, and VirusTotal gives you the antivirus programs' tests ^_^

But honestly, once I uploaded a file to it that was on a flash drive; it was creating shortcuts and hiding the flash drive's folders, or rather turning them into system files,

and that application on the flash drive was very strange, 500 KB in size, and I suspected it was something booby-trapped, but the programs' tests showed nothing on it ^_^

I uploaded the same file to the other site,
ThreatExpert,

but no report reached me; I waited two days without anything worth mentioning arriving >_< I swear they made me angry :@

In the end I ran the file with no antivirus ^^" and all the applications got hit >_<

In the end NOD saved me ^^

Anyway, I honestly have not tried the last site yet, so it will be tried as soon as I suspect a file ^^

Regards to you; you really amazed us with very wonderful topics :)

Accept my visit

!!BlackStar!!
25-12-2010, 02:05 PM
Where are you all??

Is the topic really worth that little?

!!BlackStar!!
6-1-2011, 01:37 PM
Bump.........