
v3.1.6 - PHP-AV App to v4.0. Defs to v3.9.

-v3.1.6.
-PHP-AV App to v4.0. 
-Defs to v4.9.
-Improve consistency of scan results.
zelon88 committed Apr 11, 2019
1 parent 682ae17 commit 68aef285d13a1d75692d8883dad09838265e4d0d
Showing with 115 additions and 14 deletions.
  1. +8 −8 Applications/PHP-AV/PHP-AV-Lib.php
  2. +2 −2 Applications/PHP-AV/PHP-AV.php
  3. +105 −4 Applications/PHP-AV/virus.def
@@ -67,7 +67,7 @@ function virus_check($file, $defs, $debug, $defData) {
foreach ($defs as $virus) {
$virus = explode("\t", $virus[0]);
if (isset($virus[1]) && $virus[1] !== '' && $virus[1] !== ' ') {
if (strpos($data, $virus[1]) or strpos($file, $virus[1])) {
if (strpos(strtolower($data), strtolower($virus[1])) !== FALSE or strpos(strtolower($file), strtolower($virus[1])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', Data Match: '.$virus[1].')';
$MAKELogFile = file_put_contents($AVLogFile, $txt.PHP_EOL, FILE_APPEND);
@@ -80,23 +80,23 @@ function virus_check($file, $defs, $debug, $defData) {
$report .= '<p class="r">'.$txt.'</p>'; }
fclose($handle); }
if (isset($virus[2]) && $virus[2] !== '' && $virus[2] !== ' ') {
if (strpos($data1, $virus[2])) {
if (strpos(strtolower($data1), strtolower($virus[2])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', MD5 Hash Match: '.$virus[2].')';
$MAKELogFile = file_put_contents($AVLogFile, $txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>';
$infected++;
$clean = 0; } }
if (isset($virus[3]) && $virus[3] !== '' && $virus[3] !== ' ') {
if (strpos($data2, $virus[3])) {
if (strpos(strtolower($data2), strtolower($virus[3])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', SHA256 Hash Match: '.$virus[3].')';
$MAKELogFile = file_put_contents($AVLogFile, $txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>';
$infected++;
$clean = 0; } }
if (isset($virus[4]) && $virus[4] !== '' && $virus[4] !== ' ') {
if (strpos($data3, $virus[4])) {
if (strpos(strtolower($data3), strtolower($virus[4])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', SHA1 Hash Match: '.$virus[4].')';
$MAKELogFile = file_put_contents($AVLogFile, $txt.PHP_EOL, FILE_APPEND);
@@ -112,31 +112,31 @@ function virus_check($file, $defs, $debug, $defData) {
$virus = explode("\t", $virus[0]);
$filesize = @filesize($file);
if (isset($virus[1]) && $virus[1] !== '' && $virus[1] !== ' ') {
if (strpos($data, $virus[1])) {
if (strpos(strtolower($data), strtolower($virus[1])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', Data Match: '.$virus[1].')';
$MAKELogFile = file_put_contents($AVLogFile, $txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>';
$infected++;
$clean = 0; } }
if (isset($virus[2]) && $virus[2] !== '' && $virus[2] !== ' ') {
if (strpos($data1, $virus[2])) {
if (strpos(strtolower($data1), strtolower($virus[2])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', MD5 Hash Match: '.$virus[2].')';
$MAKELogFile = file_put_contents($AVLogFile, $txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>';
$infected++;
$clean = 0; } }
if (isset($virus[3]) && $virus[3] !== '' && $virus[3] !== ' ') {
if (strpos($data2, $virus[3])) {
if (strpos(strtolower($data2), strtolower($virus[3])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', SHA256 Hash Match: '.$virus[3].')';
$MAKELogFile = file_put_contents($AVLogFile, $txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>';
$infected++;
$clean = 0; } }
if (isset($virus[4]) && $virus[4] !== '' && $virus[4] !== ' ') {
if (strpos($data3, $virus[4])) {
if (strpos(strtolower($data3), strtolower($virus[4])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', SHA1 Hash Match: '.$virus[4].')';
$MAKELogFile = file_put_contents($AVLogFile, $txt.PHP_EOL, FILE_APPEND);
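Review bot: The MD5, SHA256 and SHA1 checks on the new side still use a substring search (`strpos(strtolower($data1), strtolower($virus[2])) !== FALSE`, and the same for `$data2`/`$virus[3]` and `$data3`/`$virus[4]` in both loops), so a definition whose hash column holds a short or truncated value would flag every file whose digest merely contains it. Assuming `$data1`–`$data3` hold the file's digests (they are assigned outside these hunks), an exact comparison is the safer test, e.g. `if (strtolower($data1) === strtolower(trim($virus[2]))) {`. The data-match lines also call `strtolower($data)` once per definition inside the `foreach`; lowercasing the chunk once, outside the per-definition loop, would avoid copying it again for every signature. Separately, `$txt` carries `$file` and `$virus[1]` into `$report` inside `<p class="r">` unescaped; if the report is rendered as HTML, `$report .= '<p class="r">'.htmlspecialchars($txt, ENT_QUOTES).'</p>';` would stop a crafted file name from being interpreted as markup, while the log line keeps the raw text. `virus_check` begins and ends outside the hunks shown.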
@@ -3,7 +3,7 @@
/*//
HRCLOUD2-PLUGIN-START
App Name: PHP-AV
App Version: v3.9 (3-25-2019 00:00)
App Version: v4.0 (4-10-2019 00:00)
App License: GPLv3
App Author: FujitsuBoy (aka Keyboard Artist) & zelon88
App Description: A simple HRCloud2 App for scanning files for viruses.
@@ -48,7 +48,7 @@
// / -----------------------------------------------------------------------------------
// / The following code sets the variables for the session.
$versions = 'PHP-AV App v3.9 | Virus Definition v4.7, 3/25/2019';
$versions = 'PHP-AV App v4.0 | Virus Definition v4.9, 4/10/2019';
$memoryLimitPOST = str_replace(str_split('~#[](){};:$!#^&%@>*<"\''), '', $_POST['AVmemoryLimit']);
$chunkSizePOST = str_replace(str_split('~#[](){};:$!#^&%@>*<"\''), '', $_POST['AVchunkSize']);
$report = '';
@@ -2046,9 +2046,6 @@ Known Spyware Host: Malspam.136 http://185.189.58.222/uh.exe
Known Spyware Host: Malspam.137 ransomeware.bit
Known Spyware Host: Malspam.138 zonealarm.bit
Known Spyware Host: Malspam.139 gandcrab2pie73et.onion



Known Ransomware Host: slater.chat.ru
Known Ransomware Host: hundeschulegoerg.de
Known Ransomware Host: capitalsend.info
@@ -2326,4 +2323,108 @@ Known Ransomware Host: RigEK.2 hdyejdn638ir8.com
Known Ransomware Host: RigEK.3 parking-services.us
Known Ransomware Host: RigEK.4 188.225.78.226
Known Ransomware Host: RigEK.5 188.225.35.5
Known Ransomware Host: RigEK.6 wdwefwefwwfewdefewfwefw.onion
Known Ransomware Host: RigEK.6 wdwefwefwwfewdefewfwefw.onion
Malware Malspam.155 +gPp6bGvrqa9/fz2770A/amupqawrp8= 474b3cd073b0a40d656b1a2f5bb673cf 07a99580b94a4854a7e49ef38d03f070350baab088130b23d79dde29242eb346
Malware Malspam.156 printto(\"%1\",\"%2\",\"%3\",\"%4\") 9bce099b5b01c305a5d98f1fd262bce1 468200d4d207a7cc1df245b9670fcf9e3c491dd344643cd7edcf8a82f2cde214
Malware Malspam.157 SUSRAIZCqllahrCohrlojSarZSalpecasZ 00aaf0ddcc8d9b197c148e44d9e72d8d 2cccdc51aea02049dc7f96f510a13311f112096a7d870a97d70232356ddef42b
Malware Malspam.158 SYST%-\\#urrENt#ONtrOLSEt\\SErvICEs\\ a548c18aa678626dab9b60628712cc18 d4d1708e2ea1f897d2db66e0c1be8486a0bb62e0834d65d98991fe0f79cb7c11
Malware Malspam.159 \\\\.\\agmkis2 03B196D513E102D7035A19204A36EC4C 8ecf4f11e3ff132b88d72fa3dd458e1e2d1badfee892fed7d855228ecc9495a1
Malware Malspam.160 dwm_dropped 74B6EB643F42253B9B60116723B95D22087A765A a0bdb809a45a5558bcad4d66290f084f8eb7e9ceb6bdd13132fc3e5f3c9255c6
Malware Malspam.161 Tdx_Dropped ca30c42334fcc693320772b4ce1df26fe5f1d0110bc454ec6388d79dffea4ae8
Malware Malspam.162 TdxWCfg.exe 38ac35fd95358b84cd91d9ba55ceda9039dde7d908fb1ac736aa332d6d7d9e28
Malware Malspam.163 _Heather_Tamse.doc b7ef644b7883bbbbf5f0869b193d22190260570606646e61099a7df383144b41
Malware Malspam.164 _Gould,_Carolyn.doc 9bdd885fdc1fcdcc34054062c0e3fce007a2ea5c0a4f4366eefac836c697b465
Malware Malspam.165 _Stinson,_Lisa.doc 507d1559ec7507a311f2be88cd7110511402300769f0fe89fe17d36d4224c6e8
Malware Malspam.166 _Michael_Kaba.doc 2d6a7cc9a14b7d9764bd481abc84a06739e94a9bef7a84c6a30b0c5b65cdf463
Malware Malspam.167 _Oleksiy_Shapovalov.doc e54dd6213683d48db6b86af92636817106138bc49f8cb6bebe39926ccb4f0af7
Malware Malspam.168 _Beatriz_Márquez.doc 01e7207e732e67fb3280597ea39bb8ca59fba7bdede1bb4d509e0947d69a5e0a
Malware Malspam.169 _Sharon_Gough.doc 19554594d13500ff0c0f5d73d07fa4ec0bf44ca2b3b2581be470cdd02919a7d0
Malware Malspam.170 _Brian_Roberts.doc ea52d89e63297de4bfbe6bae72e3c928dfdacde64b5585c797d08dc6595c9557
Malware Malspam.171 _Tran_Nguyen.doc 1790952c31d0f142519e8d5762bd441be97cb050b353ecdc91b19a8b44ea59d5
Malware Malspam.172 _Troy_Yochelson.doc 58449c472d5841504af747b8558245b3416c01faae9843f8dd395000a9a6e704
Malware Malspam.173 launderability.exe 51f670520fe4b7f5d827e2f1798c45439d35fed19e9aca6ed0a21acb93527f00
Malware Malspam.174 WUDHost.exe 204d34b2c3271db299dec30ccf0ca845dcd33558b0ee86eb956db3e2a6b4d5c2
Malware Malspam.175 Ogtqhhyuwind.lnk a8fa0aa5f33508d872863684f2ddec8146b3287b0de25e24516b1d9f97e39acf
Malware Malspam.176 jrv0q be176c34ee14506001aa17e6570be57c79038b23789f3d407db370ad5bc2a6c6
Malware Malspam.177 nircmdc.exe d7bb1f853e55fa7f80f04bf1cd4b20129843a6821881dff0bf860dbcfbf33bac
Malware Malspam.178 taiwantotallydeputy 6432d90a7ffbbdd41b0da8443d2d1c4f377dabb6ffde4f6e28a8bd88d41732fb
Malware Malspam.179 blog/inv.exe
Malware Malspam.180 ivanajonkovic.com
Malware Malspam.181 9684ff.
Malware Malspam.182 bJava.exe
Malware Malspam.183 afroamericanec.bit
Malware Malspam.184 snap.cr-acad.com
Malware Malspam.185 nledarwoq()
Malware Malspam.186 xyiihcxp.exe
Malware Malspam.187 Chrome.Update.dce
Malware Malspam.188 PrBhQkFh.xQE
Malware Malspam.189 iellsorting.exe
Malware Malspam.190 FYRINGSSEDDELEN
Malware Malspam.191 TAPI32.dll
Malware Malspam.192 WTSAPI32.dll
Malware Malspam.193 BdeUISrv.exe
Malware Malspam.194 chaibuckz.com
Malware Malspam.195 cognitionclassroom.com
Malware Malspam.196 fastandup.co.in
Malware Malspam.197 intecwi.org
Malware Malspam.198 mcnconstruction.net
Malware Malspam.199 propertiesfirst.com
Malware Malspam.200 sewardsfollybarandgrill.net
Malware Malspam.201 unlaca
Malware Malspam.202 etsofevenghen.com
Malware Malspam.203 hincasupheck.ru
Malware Malspam.204 seromratbo.ru
Malware Malspam.205 milaromanoff.com
Malware Malspam.206 docusign@milaromanoff.com
Malware Malspam.207 ivanajankovic.com
Malware Malspam.208 dokucenter.optitime.de
Malware Malspam.209 jointings.org
Malware Malspam.210 kitcross.ca
Malware Malspam.211 shawneklassen.com
Malware Malspam.212 laxmigroup1986.com
Malware Malspam.213 BN13CB.tmp
Malware Malspam.214 degrand_lemunst@yahoo.com
Malware Malspam.215 neighbor.onegooglechecksim.xyz
Malware Malspam.216 chichi.onegoogledeleterent.xyz
Malware Malspam.217 lot.onegooglechecksim.xyz
Malware Malspam.218 pppoe.bit
Malware Malspam.219 weather0.bit
Malware Malspam.220 mygranny.bit
Malware Malspam.221 six6.bit
Malware Malspam.222 PERSPIRATIONS.vbs
Malware Malspam.223 PERSPIRATIONS.exe
Malware Malspam.224 Hestekraftens.exe
Malware Malspam.225 xenophora.exe
Malware Malspam.226 learncpp.bit
Malware Malspam.227 /eesti-amatoare-neighbor
Malware Malspam.228 dkdkq.exe
Malware Malspam.229 ?s=d14d8cd32ec253835c076c04f7e67da2mf
Malware Malspam.230 dffc4090b3576aae0fb5f800c91f9173fl
Malware Malspam.231 198e4404289f5109a67192288b5294f5sw
Malware Malspam.232 pantera-classic-chichi
Malware Malspam.233 e31e6edb08bf0ae9fbb32210b24540b6fl
Malware Malspam.234 336d3757542e4bd97b71091bffd0c275mf
Malware Malspam.235 holiday-titanime-lot
Malware Malspam.236 a6acd7f14a570b2aed5b7175b47133bbfl
Malware Malspam.237 d4a09da02780baeca3114b1b9162871bsw
Malware Malspam.238 606b700bb49450ae37ad3a041661df07mf
Malware Malspam.239 rozhan-hse.com
Malware Malspam.240 newageconversions.com
Malware Malspam.241 CVE-2018-8174.py
Malware Malspam.242 beaveries/aoer.phtml
Malware Malspam.243 Psoriasic
Malware Malspam.244 onlinedattingforlive.info
Malware Malspam.245 russkistandart.info
Malware Malspam.246 not-my-guilty.com
Malware Malspam.247 capitalinvest.ac.ug
Malware Malspam.248 https://raw.githubusercontent.com/w7374520/CVE-2018-8174_EXP/master/CVE-2018-8174.py
Malware Malspam.249 http://51.15.252.131/CC/index.php
Malware Malspam.250 http://51.15.252.131/files/go.exe
Malware Malspam.251 ddosprotected=1
Malware Malspam.252 1u2.exe
Malware Malspam.253 yourseo.ac.ug
Malware Malspam.254 wog92bqzqg1m9j4i3.website
Malware Malspam.255 http://95.142.47.43/v2.bin
Malware Malspam.256 http://95.142.47.43/c2.bin
Malware Malspam.257 http://pastebin.com/raw/jkBxauyv
Malware Malspam.258 \AppData\Roaming\Temp\rad
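Review bot: Several of the added data signatures are short, generic strings (`TAPI32.dll`, `WTSAPI32.dll`, `unlaca`, `Psoriasic`, `ddosprotected=1`), and the scanner in this commit now matches the data column case-insensitively as a substring of file contents and, in the first loop, of the file path. Benign files that merely mention a Windows system DLL would therefore likely be reported as infected. Entries like these are better tied to a hash or to a longer, more specific string. Malspam.180 (`ivanajonkovic.com`) and Malspam.207 (`ivanajankovic.com`) differ by one letter, so one of them may be a typo worth checking against the original report. The tab layout is not recoverable from this view, but Malspam.160 appears to carry a 40-hex-digit value ahead of its SHA256, so it is worth confirming that each digest sits in the column the scanner reads for that algorithm (`$virus[2]` MD5, `$virus[3]` SHA256, `$virus[4]` SHA1).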
