VirSCAN

1. You can upload any file, but there is a limit of 20 MB per file.
2. VirSCAN supports Rar / Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN will scan compressed files that are protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader.

Basic information

File name: 00神医毒妃
File size: 420691
File type: application/x-dosexec
MD5: e80c36840ca2687d35b4102c50641862
SHA1: 036c0e5c8144d13507020e1e56ed5f8861ae6a59

CreateProcess

ApplicationName: C:\ProgramData\gbdojg.exe
CmdLine:
childid: 952
childname: gbdojg.exe
childpath: C:\ProgramData\gbdojg.exe
drop_type: 1
name: 1620581444354_e80c36840ca2687d35b4102c50641862.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620581444354_e80c36840ca2687d35b4102c50641862.exe
pid: 2636

ApplicationName:
CmdLine:
childid: 2636
childname: 1620581444354_e80c36840ca2687d35b4102c50641862.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620581444354_e80c36840ca2687d35b4102c50641862.exe
drop_type:
name:
noNeedLine:
path:
pid: 2800

Summary

buffer: C:\ProgramData\gbdojg.exe
processid: 952
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft® Windows® Operating System

Dropped (Safe)

analysis_result: Safe
create: 0
how: write
md5: a52d6cb53c4c31e9f5ad53a356adf9dd
name: Mira.h
new_size: 150KB (153811bytes)
operation: Modify file
path: C:\ProgramData\Saaaalamm\Mira.h
processid: 2636
processname: 1620581444354_e80c36840ca2687d35b4102c50641862.exe
sha1: 4e9b2d208dc3c3a6e23decb0a7d7381c73f7b101
sha256: f6bc441488529eadccfef115d11fa10c5cb8cb125b6c08c52a2bbc144bd4f7d8
size: 153811
this_path: /data/cuckoo/storage/analyses/2000470/files/1001/Mira.h
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 326de0ff7b9dab3e381fbd26a31efd10
name: $Recycle.Bin .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\$Recycle.Bin .exe
processid: 952
processname: gbdojg.exe
sha1: ffdd53e93dc48eb3d7b37270fd28d9c58a78e58c
sha256: 4978fdff87e6445a554df8330dc17ca97132e9ba348efcd8a1d9b4b0c84ad81c
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1002/$Recycle.Bin .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 405529c95c962d0566294577d54ebef3
name: CdIBrpqbg .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\CdIBrpqbg .exe
processid: 952
processname: gbdojg.exe
sha1: e755c15129a417d0912ced4d6fb750bb2d7eb8f1
sha256: c8ddaaaeeb10a2911f3a20297eda33dcffe17af79442a0f015cba6a213ad8741
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1003/CdIBrpqbg .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 7298a5f8be41a21ca2adf3616e950429
name: dfaQLvcqY .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\dfaQLvcqY .exe
processid: 952
processname: gbdojg.exe
sha1: 1eef780882e18eab9aca0cfb1e50616aaaa03e31
sha256: a50b0c9391fd9b6b83d45c3982672b9986db46f86f82f668816e8f73ef360d73
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1004/dfaQLvcqY .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: fee0adf12e0a46d5533b32d51f94e628
name: Documents and Settings .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\Documents and Settings .exe
processid: 952
processname: gbdojg.exe
sha1: a7f635a644d18b9eb513620b29ab4fbe8f012ff1
sha256: 53419bcabe337722832a00ebd03fa210bf34b7b0355912d66847d164464e383f
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1005/Documents and Settings .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 606a63b282fe0be5b7bea5a780e773a7
name: mnlsx .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\mnlsx .exe
processid: 952
processname: gbdojg.exe
sha1: 5ca101c1826c78cecd9b668949ff303eb5075824
sha256: 2de02c562457eeca2892ff9601b0b75b5dfaf6f8e23c495c7f8b83e76589df00
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1006/mnlsx .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 7e39763196adb107cea4d92d1c29d63b
name: MSOCache .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\MSOCache .exe
processid: 952
processname: gbdojg.exe
sha1: f9fd49402ae41eb9b866533c910cb3f4c9e43136
sha256: 2d7a693bdf2c9472e1f23a8326349c442e6f8132a199ffc510646cea7a440032
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1007/MSOCache .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 7104024b92f3297a1a75e1b92aadcf4a
name: MXTEXENUSMAD .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\MXTEXENUSMAD .exe
processid: 952
processname: gbdojg.exe
sha1: c9f1f122b4580b0222e01c3e1baca9c040381562
sha256: 8bcb6ad32dc55fcbbc5214e92362be36528da0fa7bc0d1cd08e44e73d46152c2
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1008/MXTEXENUSMAD .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 56fcf606451f3c769c575a8758efc6b2
name: pagefile.sys .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\pagefile.sys .exe
processid: 952
processname: gbdojg.exe
sha1: f71f920cc99cc53cdf50ecd681f02834d802e9fe
sha256: 5e6e78d1ac541b8e39d171947aff80c6d5121b7931d4e62d468f4986f11dad9d
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1009/pagefile.sys .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 4d0f454946f4c686648b9b823d2838df
name: PerfLogs .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\PerfLogs .exe
processid: 952
processname: gbdojg.exe
sha1: 34461aea27c4c281ff90e966768cfeae3d2de443
sha256: b8dbac0fd25fd3bee0bb92de2c9747c1402a3538e7ac3c72e2ce809c50276a90
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1010/PerfLogs .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 9afe3ba7f38cbf657650045301c22f3a
name: Program Files .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\Program Files .exe
processid: 952
processname: gbdojg.exe
sha1: 961c0a64753458e8300b60a4f65b7428f76dfeb3
sha256: 3dbc48e0ec56edc9ac10a75b929d9ef22281aa881e6cfa789f8d044e44d1ae48
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1011/Program Files .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 16dfd45ed6dfc2c3d72fb28475fc05a2
name: Program Files (x86) .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\Program Files (x86) .exe
processid: 952
processname: gbdojg.exe
sha1: 3c4040bc3dd70b7885b4f2004195c8996de06c8d
sha256: 262b8abfb48c3f133e37848bdeba6a073366a440db8646f959851c5d8dafe1f1
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1012/Program Files (x86) .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: cc17e1ab48e32cc68954ab9c5ec9893b
name: ProgramData .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\ProgramData .exe
processid: 952
processname: gbdojg.exe
sha1: 82d816f55d1086c6636b0c7710b60a83d8daf25d
sha256: 7602d0d268904b5aeed0ff91bb845d2b8c8bc3fc8f5fc3525db910f488fa894c
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1013/ProgramData .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: dc6402943bd55b2ff3e16bb7fcc19c6d
name: Python27 .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\Python27 .exe
processid: 952
processname: gbdojg.exe
sha1: a069eec14f61784d0d195299cf32ade585f3d6e8
sha256: 1db738a26e6faa1f5c44548b80cd5f1bee95d4c8ab9e6690ec1136dbc5790f63
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1014/Python27 .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 90cef6a96f481572e1795a281f1cdab7
name: Recovery .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\Recovery .exe
processid: 952
processname: gbdojg.exe
sha1: 5e31b13de1add52fc30c14381e77c0679fde1f86
sha256: 56462059cc86ab166a9ea881bc752a73d8f5ad7cb16042a6bff479b88538671f
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1015/Recovery .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: e888ddff4ecaea08f27bbd21ed6a3fc8
name: System Volume Information .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\System Volume Information .exe
processid: 952
processname: gbdojg.exe
sha1: e5517c34402c52bac40391642ceb704c1a10def3
sha256: fa0353bf7c66f01c1cf347dab9542dec0187722edc7ae43cecbe7c79879ddfc0
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1016/System Volume Information .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 19e09ec31698b8ae35994832a3c9602f
name: Users .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\Users .exe
processid: 952
processname: gbdojg.exe
sha1: 3caffc396472f3a52abf585a059042555e0d404c
sha256: 5053a3323b885bd9989c4d2025498eb0e55c90e2463479b30540fe4997d4a48c
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1017/Users .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 4f4edf7313091794caf26760a3b2e234
name: vHkvkiZ .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\vHkvkiZ .exe
processid: 952
processname: gbdojg.exe
sha1: 6d9f1fc67fb825ef5a8a0c534c8f786372a7bdeb
sha256: 9217c5ffc7ba79ff3992d72cf9507bf1c7ccb9fb33f8040ee6021cf43e09561e
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1018/vHkvkiZ .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 5bd24bacd231ed5c524b062113082191
name: Windows .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\Windows .exe
processid: 952
processname: gbdojg.exe
sha1: b58ecedbf69ed2f201ffbae2ffab0d3d4a5f4dad
sha256: 72f3e1472cafc9afc2102fe0a41e64b0b1750bf04bd70a251307e2d958e7c992
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1019/Windows .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 326de0ff7b9dab3e381fbd26a31efd10
name: $RECYCLE.BIN .exe
new_size: 410KB (420693bytes)
operation: Modify file
path: C:\$RECYCLE.BIN .exe
processid: 952
processname: gbdojg.exe
sha1: ffdd53e93dc48eb3d7b37270fd28d9c58a78e58c
sha256: 4978fdff87e6445a554df8330dc17ca97132e9ba348efcd8a1d9b4b0c84ad81c
size: 420693
this_path: /data/cuckoo/storage/analyses/2000470/files/1020/$RECYCLE.BIN .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Dropped (Unsafe)

analysis_result: Trojan.Win32.Agent.nezvfi
create: 0
how: write
md5: 7496a917ff6b1f70a7f192ca0139e611
name: gbdojg.exe
new_size: 260KB (266870bytes)
operation: Modify file
path: C:\ProgramData\gbdojg.exe
processid: 2636
processname: 1620581444354_e80c36840ca2687d35b4102c50641862.exe
sha1: 1dbe8ea4b79cc9b269e0c87d58c2cf55e0cd2f0e
sha256: fb10ee457d8d4b0d766811e0d7a018a7ca1a32ba97682d095afe845947afc421
size: 266870
this_path: /data/cuckoo/storage/analyses/2000470/files/1000/gbdojg.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Malicious

attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 3
process_id: 2636
process_name: 1620581444354_e80c36840ca2687d35b4102c50641862.exe
rulename: Set memory region to readable, writable and executable

attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating the file system
num: 30
process_id: 2636
process_name: 1620581444354_e80c36840ca2687d35b4102c50641862.exe
rulename: Enumerate files

attck_tactics: Defense evasion
level: 2
matchedinfo: Modifies the "show hidden files" setting in order to hide files
num: 180
process_id: 2636
process_name: 1620581444354_e80c36840ca2687d35b4102c50641862.exe
rulename: Query hidden-file display setting

attck_tactics: Persistence
level: 2
matchedinfo: The malicious program modifies the registry so that it starts automatically with the system, in order to maintain long-term control of or residence on the system
num: 8
process_id: 952
process_name: gbdojg.exe
rulename: Write autostart registry key, add autostart entry 2

attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating the file system
num: 18
process_id: 952
process_name: gbdojg.exe
rulename: Enumerate files