VirSCAN

1, You can upload any file, but note the 20 MB limit per file.
2, VirSCAN supports ZIP and RAR archives containing fewer than 20 files.
3, VirSCAN supports the default passwords 'infected' and 'virus' for archives.
4, If your browser cannot upload files, please download the VirSCAN-Uploader.


Basic Information

CreateProcess

ApplicationName: C:\ProgramData\vfulkg.exe
CmdLine:
childid: 2668
childname: vfulkg.exe
childpath: C:\ProgramData\vfulkg.exe
drop_type: 1
name: 1621092637912_8b6cd6ec89e681e90c10c83efb16db46.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1621092637912_8b6cd6ec89e681e90c10c83efb16db46.exe
pid: 2096
ApplicationName:
CmdLine:
childid: 2096
childname: 1621092637912_8b6cd6ec89e681e90c10c83efb16db46.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1621092637912_8b6cd6ec89e681e90c10c83efb16db46.exe
drop_type:
name:
noNeedLine:
path:
pid: 2268

Summary

buffer: C:\ProgramData\vfulkg.exe
processid: 2668
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft® Windows® Operating System

Dropped Safe

analysis_result: Safe
create: 0
how: write
md5: a52d6cb53c4c31e9f5ad53a356adf9dd
name: Mira.h
new_size: 150KB (153811bytes)
operation: Modify file
path: C:\ProgramData\Saaaalamm\Mira.h
processid: 2096
processname: 1621092637912_8b6cd6ec89e681e90c10c83efb16db46.exe
sha1: 4e9b2d208dc3c3a6e23decb0a7d7381c73f7b101
sha256: f6bc441488529eadccfef115d11fa10c5cb8cb125b6c08c52a2bbc144bd4f7d8
size: 153811
this_path: /data/cuckoo/storage/analyses/5000469/files/1001/Mira.h
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 8393d24d53e94b255601dfe082814df2
name: $Recycle.Bin .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\$Recycle.Bin .exe
processid: 2668
processname: vfulkg.exe
sha1: 48b76e6360f45801e8b3f8dac4010b1b0d8a3d51
sha256: 4d9eb2159053dba156e067a5de3467e9eca9d4a963f2f8f87e46ce1297c3ba3b
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1002/$Recycle.Bin .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 91c5cb5fffeb2882f89e5a90854a5983
name: AiFUjKn .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\AiFUjKn .exe
processid: 2668
processname: vfulkg.exe
sha1: 5a34f2ad15f2cbc5e589ac0096519899c5343de2
sha256: 0376257954b38b6f4045905f1063e7f83d979373888f3a784624b6643c92aa45
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1003/AiFUjKn .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 8a00a6deb6fdda9761b291cbb9e61f92
name: Documents and Settings .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\Documents and Settings .exe
processid: 2668
processname: vfulkg.exe
sha1: 7a43a9e262dbae07608c8b1862ed63989dacc7d9
sha256: cdec5750311282e3490ddb9771c41cff03d739d86b6f2a9963e62e2c54a9780c
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1004/Documents and Settings .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 569817e171d4986b4494b070be67fec3
name: FCqvivKXg .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\FCqvivKXg .exe
processid: 2668
processname: vfulkg.exe
sha1: 3fc8ce40b170d1ddfdfc1892eeaa75e5f4340b72
sha256: c9642874515bf94743dc07907ced87acdf3478eec0c4bb910615b777b6a59cfa
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1005/FCqvivKXg .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 41e0eb71fd2e9c14231944db5e05afc9
name: mnlsx .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\mnlsx .exe
processid: 2668
processname: vfulkg.exe
sha1: 19d8dd2ce157192ab71cf2da29818048fa17855b
sha256: 19da1f95cd22cc762e308b62d33ce3279e40070d64a7df4f6a1db10b58616022
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1006/mnlsx .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: d4da0e5a668e1a3b2a9011bad8659709
name: MSOCache .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\MSOCache .exe
processid: 2668
processname: vfulkg.exe
sha1: 5fa4a4c0424b84ace0e8565d5855dc40a6f44fb2
sha256: 75ca0aff28d39b0d87abfc5881a7e30f959d6111c28b49cd5e136e4c8d92a6ed
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1007/MSOCache .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: e26ab66b37a26ededa1bf4c5ada7341e
name: OZZJDMNMNHD .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\OZZJDMNMNHD .exe
processid: 2668
processname: vfulkg.exe
sha1: f8ceccda45a6d8a9f16e68e0b36f46ab1f965c47
sha256: 30968786df58d1ce1ea7d15e477b8359d580918e95f3798fc3e439a9d8b65cfb
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1008/OZZJDMNMNHD .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 5b7a3d559f429658f2cf02b9589ced33
name: pagefile.sys .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\pagefile.sys .exe
processid: 2668
processname: vfulkg.exe
sha1: f8c1e02d0ab989af4ba65cfc51fff719aa18ddaf
sha256: d7b268562b56c18fbdbb8ccf77943e0485faf893f49e7f86ab89b2f2ce1bfee3
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1009/pagefile.sys .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: b4e72290481f07a7cdb445e1131e8590
name: PerfLogs .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\PerfLogs .exe
processid: 2668
processname: vfulkg.exe
sha1: 15fa4a928b1842b5b49dc7f491efc7790f877256
sha256: 7aec89e94daeb590b3349767b89bc943d526416411c1d66d6bb84190bbd028b3
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1010/PerfLogs .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: f634b325b22b3547a8f0b5afa6983e78
name: Program Files .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\Program Files .exe
processid: 2668
processname: vfulkg.exe
sha1: 705b286e15b294928b076b79beaa194c566d9a55
sha256: 39ca8168c41e6442e62fcc769a2d73e49ce0ae278d9150f8ed96be345e384656
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1011/Program Files .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 8d13bda20f261c4549d1ac835263b48b
name: Program Files (x86) .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\Program Files (x86) .exe
processid: 2668
processname: vfulkg.exe
sha1: e7939e8a036c1c56b56eeb5674df1dfd1b21ff58
sha256: d6e1fcd91b815b22ef8a5c0cc6d1a2600e3e75089a047fe16438d35ba681aa20
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1012/Program Files (x86) .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 99fbd97e3fddffc14c711140052a79eb
name: ProgramData .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\ProgramData .exe
processid: 2668
processname: vfulkg.exe
sha1: f0369eec01e55d2a180a239fd802c4b6fe3126f5
sha256: 0e5d772aa1a747681ce67c7fdb089e82cd8c66a4137ddb6627ddf74abcd23641
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1013/ProgramData .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: e3c1c9a9c50fc79e749f6d019bbb6f56
name: Python27 .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\Python27 .exe
processid: 2668
processname: vfulkg.exe
sha1: 47c6d7eb997f5e97fd126aeca83e65c3b602da6a
sha256: 43125a3fa7d1a1a7397ea6fc8adf69cca3a1e567b9022bf117af404756558316
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1014/Python27 .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 37c6ac4d7c2503a1df9c1c5f9cd7d20d
name: Recovery .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\Recovery .exe
processid: 2668
processname: vfulkg.exe
sha1: e709b31a7e8b054851fc9c589ac062721a3c0910
sha256: 05226a107ceb6537594a58d191b0467fbf2886259d018d303d088fc0f9ec3d8e
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1015/Recovery .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: b78b4d2050fc884ec0de29eda9fc5e8b
name: System Volume Information .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\System Volume Information .exe
processid: 2668
processname: vfulkg.exe
sha1: 233f9fde1a6c260841c22b74b955be02a2651588
sha256: 881c696ba9d7a5ac496fe3e59815a1264956b1c775dc802040bc9258a7d338c1
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1016/System Volume Information .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: e8af291d623eb64f7c63e43ab41b44eb
name: Users .exe
new_size: 410KB (420714bytes)
operation: Modify file
path: C:\Users .exe
processid: 2668
processname: vfulkg.exe
sha1: e4029826ca7fdc8ba6dcada1db2328e72e81e56d
sha256: ec49b57829a6ece3cdc87a92167266d7e0ab3223b7d9f13ad0da52ea218155d1
size: 420714
this_path: /data/cuckoo/storage/analyses/5000469/files/1017/Users .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: f71686dbb6dc04fd53a602f8a04969b9
name: Windows .exe
new_size: 27KB (28616bytes)
operation: Modify file
path: C:\Windows .exe
processid: 2668
processname: vfulkg.exe
sha1: 29d3b22ce84cbbc06ffdc30b942ce138dd0c2c1a
sha256: 209abebd0fca051ddc2b5ff7a14464bc4482e5829ef3f05ad95eedcb1c307358
size: 28616
this_path: /data/cuckoo/storage/analyses/5000469/files/1018/Windows .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Dropped Unsafe

analysis_result: Trojan.Win32.Agent.nezvfi
create: 0
how: write
md5: 7abf1f21afd2226dd2300a3e4e3fd254
name: vfulkg.exe
new_size: 260KB (266891bytes)
operation: Modify file
path: C:\ProgramData\vfulkg.exe
processid: 2096
processname: 1621092637912_8b6cd6ec89e681e90c10c83efb16db46.exe
sha1: bdf606f5a86d9a5071951ed88429daca16701c0d
sha256: 1c077734a05b1de585ec46c3ef84e42080d8e854e801f4354ecd3d168e6d2171
size: 266891
this_path: /data/cuckoo/storage/analyses/5000469/files/1000/vfulkg.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Malicious

attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware modifies memory protection attributes in order to decrypt and execute malicious code in memory
num: 3
process_id: 2096
process_name: 1621092637912_8b6cd6ec89e681e90c10c83efb16db46.exe
rulename: Set memory region to readable, writable and executable

attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 30
process_id: 2096
process_name: 1621092637912_8b6cd6ec89e681e90c10c83efb16db46.exe
rulename: Enumerate files

attck_tactics: Defense evasion
level: 2
matchedinfo: Modifies the "show hidden files" setting in order to hide files
num: 180
process_id: 2096
process_name: 1621092637912_8b6cd6ec89e681e90c10c83efb16db46.exe
rulename: Retrieve hidden files setting

attck_tactics: Persistence
level: 2
matchedinfo: The malicious program modifies the registry so that it starts automatically with the system, in order to maintain long-term control of or residence on the system
num: 8
process_id: 2668
process_name: vfulkg.exe
rulename: Write autorun registry key, add autostart entry 2

attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 18
process_id: 2668
process_name: vfulkg.exe
rulename: Enumerate files