WHORUFile – Notice of Suspicious File Create/Change on Windows Server

Last Update 2017.04.19

Notice of file creation or change

WHORUFILE helps protect your server from hacking.

DOWNLOAD

Code-signed as “Open Source Developer, JuSeong Han”


It detects the following:

  1. Detect Hind

  2. Suspicious PE header type file

  3. VirusTotal Check

  4. Suspicious Attributes

You can defend against malware files being created on the server.

If you want to check files against VirusTotal, you need a VirusTotal API key. See the link below.

https://ithemes.com/security/how-to-malware-scan-api-key-with-virustotal/
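
To illustrate item 2 in the detection list above, here is an added Python example (not WHORUFile's own code). It assumes "suspicious" means a file whose content is a Windows PE image but whose extension does not say so; the function names, the extension list and the sample bytes are constructed for illustration.

```python
import struct
from pathlib import Path

# Assumption: extensions where a PE image is expected (not a list taken from WHORUFile).
EXPECTED_PE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl", ".efi"}


def build_sample_pe(e_lfanew=0x80):
    """Constructed sample: DOS header plus PE signature only, not a runnable program."""
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    return bytes(dos) + b"PE\x00\x00"


def is_pe_image(fh):
    """True if the binary stream has a DOS header whose e_lfanew points at the PE signature."""
    fh.seek(0)
    dos = fh.read(0x40)  # IMAGE_DOS_HEADER is 64 bytes and starts with "MZ"
    if len(dos) < 0x40 or dos[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)  # offset of the PE signature
    fh.seek(e_lfanew)  # follow the pointer, so a long DOS stub does not hide the header
    return fh.read(4) == b"PE\x00\x00"  # a read past end of file yields b""


def classify(name, fh):
    """Compare what the content is with what the file name claims."""
    if not is_pe_image(fh):
        return "not-pe"
    ext = Path(name).suffix.lower()
    return "pe-expected-extension" if ext in EXPECTED_PE_EXTENSIONS else "pe-unexpected-extension"


def scan_tree(root):
    """Return sorted paths under root whose content is PE but whose extension is not."""
    hits = []
    for path in Path(root).rglob("*"):
        try:
            if path.is_file():
                with path.open("rb") as fh:
                    if classify(path.name, fh) == "pe-unexpected-extension":
                        hits.append(str(path))
        except OSError:
            continue  # locked or unreadable file: skip it and keep scanning
    return sorted(hits)
```

Calling scan_tree on a web root or upload folder lists files such as an image or text file that is really an executable, which is worth reviewing even before any VirusTotal lookup.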

 

History

2017.04.19 – Performance update.

2017.01.31 – Checks the file certificate and writes it to the log.

2017.01.23 – Provides detailed file information when a suspicious file is found.

 

How to use

  1. Console mode: just run the program and you can watch the file monitoring in the console. Nothing is installed in this mode.
  2. Service mode: WHORU offers install options. “-i” installs it as a service (started automatically at system boot); “-u” uninstalls (removes) the service.

Run from the command line:

“whorufile -i”  : installs whorufile as a service (we recommend this on servers)

“whorufile -u” : uninstalls the whorufile service.

“whoru”            : console mode, insistent mode (if you want to check one time, I recommend this.)

 

You can set options in WHORU.INI:

[General]
Syslog_IP=192.168.0.1 <– When an IP address is entered, logs are sent to that syslog server.
File=false  <– Set this to true if you want to log on the local machine.

[File]
DirectoryPath=ALL <– If you only need to audit certain folders or drives, enter them here. The default is all drives.
Trust_List= notepad.exe <– Enter items you want to trust here.
Virustotal= xxx <– Enter your VirusTotal API key. https://ithemes.com/security/how-to-malware-scan-api-key-with-virustotal/
