SocialFixer
SELECT * FROM users JOIN chrome_extensions USING (uid) WHERE identifier='ifmhoabcaeehkljcfclfiieohkohdgbb';View Full Query Details
Solaris Worm
select * from file where path in ('/var/adm/.profile', '/var/spool/lp/.profile', '/var/adm/sa/.adm', '/var/spool/lp/admins/.lp');View Full Query DetailsSpigot
select * from launchd where name like 'com.spigot.%.plist';View Full Query Details
Startup Items
select * from startup_items;View Full Query Details
StickyKeys File Replace Backdoor
SELECT * FROM hash WHERE (path='c:\windows\system32\osk.exe' OR path='c:\windows\system32\sethc.exe' OR path='c:\windows\system32\narrator.exe' OR path='c:\windows\system32\magnify.exe' OR path='c:\windows\system32\displayswitch.exe') AND sha256 IN (SELECT sha256 FROM hash WHERE path='c:\windows\system32\cmd.exe' OR path='c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe' OR path='c:\windows\system32\explorer.exe') AND sha256!='e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855';View Full Query Details
StickyKeys Registry Backdoor
SELECT * FROM registry WHERE key LIKE 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%%' and name='Debugger';View Full Query Details
Suckit Rootkit
select * from file where path in ('/lib/.x', '/lib/sk');View Full Query DetailsSuid Bin
select * from suid_bin;View Full Query Details
Suspicious File
select * from file where path in ('/etc/rc.d/init.d/rc.modules', '/lib/ldd.so', '/usr/man/muie', '/usr/X11R6/include/pain', '/usr/bin/sourcemask', '/usr/bin/ras2xm', '/usr/bin/ddc', '/usr/bin/jdc', '/usr/sbin/in.telnet', '/sbin/vobiscum', '/usr/sbin/jcd', '/usr/sbin/atd2', '/usr/bin/ishit', '/usr/bin/.etc', '/usr/bin/xstat', '/var/run/.tmp', '/usr/man/man1/lib/.lib', '/usr/man/man2/.man8', '/var/run/.pid', '/lib/.so', '/lib/.fx', '/lib/lblip.tk', '/usr/lib/.fx', '/var/local/.lpd', '/dev/rd/cdb', '/dev/.rd/', '/usr/lib/pt07', '/usr/bin/atm', '/tmp/.cheese', '/dev/.arctic', '/dev/.xman', '/dev/.golf', '/dev/srd0', '/dev/ptyzx', '/dev/ptyzg', '/dev/xdf1', '/dev/ttyop', '/dev/ttyof', '/dev/hd7', '/dev/hdx1', '/dev/hdx2', '/dev/xdf2', '/dev/ptyp', '/dev/ptyr', '/sbin/pback', '/usr/man/man3/psid', '/proc/kset', '/usr/bin/gib', '/usr/bin/snick', '/usr/bin/kfl', '/tmp/.dump', '/var/.x', '/var/.x/psotnic');View Full Query DetailsSvchost.exe Incorrect Parent Process
SELECT name FROM processes WHERE pid=(SELECT parent FROM processes WHERE LOWER(name)='svchost.exe') AND LOWER(name)!='services.exe';View Full Query Details