VirSCAN

1, You can upload any files, but there is a limit of 20Mb per file.
2, VirSCAN supports Rar / Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN will scan compressed files that are protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader.


Basic information

File name: 00万古神帝
File size: 428384
File type: application/x-dosexec
MD5: cf4e0450eeffecaa2664f82ebd7899cd
sha1: 7f4b0d068442f3ace4c124f031be0b1285903dad

 CreateProcess

ApplicationName:
CmdLine: rundll32 C:\Users\ADMINI~1\AppData\Local\Temp\1617672619635_cf4e0450eeffecaa2664f82ebd7899cd.dll,#1 Install
childid: 1312
childname: rundll32.exe
childpath: C:\Windows\SysWOW64\rundll32.exe
drop_type:
name: load-x86.exe
noNeedLine:
path: C:\NZMBCFJHMJ\bin\load-x86.exe
pid: 564

ApplicationName:
CmdLine: rundll32 C:\Users\ADMINI~1\AppData\Local\Temp\1617672619635_cf4e0450eeffecaa2664f82ebd7899cd.dll,#2 Install
childid: 2072
childname: rundll32.exe
childpath: C:\Windows\SysWOW64\rundll32.exe
drop_type:
name: load-x86.exe
noNeedLine:
path: C:\NZMBCFJHMJ\bin\load-x86.exe
pid: 564

ApplicationName:
CmdLine: C:\Windows\SysWOW64\rundll32mgr.exe
childid: 2352
childname: rundll32mgr.exe
childpath: C:\Windows\SysWOW64\rundll32mgr.exe
drop_type:
name: rundll32.exe
noNeedLine:
path: C:\Windows\SysWOW64\rundll32.exe
pid: 1312

ApplicationName:
CmdLine: C:\Windows\SysWOW64\rundll32mgr.exe
childid: 1164
childname: rundll32mgr.exe
childpath: C:\Windows\SysWOW64\rundll32mgr.exe
drop_type: 1
name: rundll32.exe
noNeedLine:
path: C:\Windows\SysWOW64\rundll32.exe
pid: 2072

ApplicationName:
CmdLine:
childid: 564
childname: load-x86.exe
childpath: C:\NZMBCFJHMJ\bin\load-x86.exe
drop_type:
name:
noNeedLine:
path:
pid: 2948

 Dropped (safe)

analysis_result: Safe
create: 0
how: del
md5: d124f55b9393c976963407dff51ffa79
name: ~TM2557.tmp
new_size: 1261KB (1292096bytes)
operation: File deleted after being dropped
path: C:\Users\Administrator\AppData\Local\Temp\~TM2557.tmp
processid: 2352
processname: rundll32mgr.exe
sha1: 2c7bbedd79791bfb866898c85b504186db610b5d
sha256: ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef
size: 1292096
this_path: /data/cuckoo/storage/analyses/1003398/files/7023635648/~TM2557.tmp
type: PE32 executable (DLL) (console) Intel 80386, for MS Windows

analysis_result: Safe
create: 0
how: del
md5: e80758cf485db142fca1ee03a34ead05
name: ~TM25B6.tmp
new_size: 818KB (837632bytes)
operation: File deleted after being dropped
path: C:\Users\Administrator\AppData\Local\Temp\~TM25B6.tmp
processid: 2352
processname: rundll32mgr.exe
sha1: f43c8335fbe18641bed74717c48e83dfc7a5f42c
sha256: 3f94f8630c7603f9da79bf021cb56ac5357502badf6cb12f6ce11e5b2b244153
size: 837632
this_path: /data/cuckoo/storage/analyses/1003398/files/408020664/~TM25B6.tmp
type: PE32 executable (DLL) (console) Intel 80386, for MS Windows

analysis_result: Safe
create: 0
how: del
md5: d124f55b9393c976963407dff51ffa79
name: ~TM2F98.tmp
new_size: 1261KB (1292096bytes)
operation: File deleted after being dropped
path: C:\Users\Administrator\AppData\Local\Temp\~TM2F98.tmp
processid: 1164
processname: rundll32mgr.exe
sha1: 2c7bbedd79791bfb866898c85b504186db610b5d
sha256: ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef
size: 1292096
this_path: /data/cuckoo/storage/analyses/1003398/files/2070092395/~TM2F98.tmp
type: PE32 executable (DLL) (console) Intel 80386, for MS Windows

analysis_result: Safe
create: 0
how: del
md5: e80758cf485db142fca1ee03a34ead05
name: ~TM30A2.tmp
new_size: 818KB (837632bytes)
operation: File deleted after being dropped
path: C:\Users\Administrator\AppData\Local\Temp\~TM30A2.tmp
processid: 1164
processname: rundll32mgr.exe
sha1: f43c8335fbe18641bed74717c48e83dfc7a5f42c
sha256: 3f94f8630c7603f9da79bf021cb56ac5357502badf6cb12f6ce11e5b2b244153
size: 837632
this_path: /data/cuckoo/storage/analyses/1003398/files/2663792735/~TM30A2.tmp
type: PE32 executable (DLL) (console) Intel 80386, for MS Windows

 Dropped (unsafe)

analysis_result: Worm.Win32.Agent.adz
create: 0
how: write
md5: a8245f71e4e4aff10e574300abd2bcc2
name: rundll32mgr.exe
new_size: 354KB (363367bytes)
operation: Modify file
path: C:\Windows\SysWOW64\rundll32mgr.exe
processid: 2072
processname: rundll32.exe
sha1: 7ea3ae53a0697e526c6bc877b103b390af042d7a
sha256: 7bf945e4d87567106bfe8980b4fe1e6482578ab91fa9d82426c804ae5c3f2546
size: 363367
this_path: /data/cuckoo/storage/analyses/1003398/files/1000/rundll32mgr.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows

 Malicious

attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies a file into a system directory in order to hide the malicious file
num: 16
process_id: 1312
process_name: rundll32.exe
rulename: Copy file to system directory

attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 5
process_id: 2352
process_name: rundll32mgr.exe
rulename: Set memory region to readable, writable and executable

attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program queries the user's disk information in order to obtain sensitive information
num: 186
process_id: 2352
process_name: rundll32mgr.exe
rulename: Collect disk information

attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specific target files by enumerating files
num: 298
process_id: 2352
process_name: rundll32mgr.exe
rulename: Enumerate files

attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies a file into a system directory in order to hide the malicious file
num: 16
process_id: 2072
process_name: rundll32.exe
rulename: Copy file to system directory

attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 5
process_id: 1164
process_name: rundll32mgr.exe
rulename: Set memory region to readable, writable and executable

attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program queries the user's disk information in order to obtain sensitive information
num: 186
process_id: 1164
process_name: rundll32mgr.exe
rulename: Collect disk information

attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specific target files by enumerating files
num: 298
process_id: 1164
process_name: rundll32mgr.exe
rulename: Enumerate files