VirSCAN

1, You can UPLOAD any file, but note the 20 MB limit per file.
2, VirSCAN supports ZIP and RAR archives containing fewer than 20 files.
3, VirSCAN supports the standard passwords 'infected' and 'virus' for archives.
4, If your browser cannot upload files, please download VirSCAN-Uploader.


Basic information

Filename: 00Iobit_Uninstaller_官方最新版v6.2.0.934
File size: 737296
File type: application/x-dosexec
MD5: 704b561da7eade68b91360372f864032
sha1: c35dc89e284f54e2ca0eae41a2a2fb8b989e0434

CreateProcess

ApplicationName: C:\ProgramData\qmtlis.exe
CmdLine:
childid: 2736
childname: qmtlis.exe
childpath: C:\ProgramData\qmtlis.exe
drop_type: 1
name: 1616252417693_704b561da7eade68b91360372f864032.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1616252417693_704b561da7eade68b91360372f864032.exe
pid: 2144
ApplicationName:
CmdLine:
childid: 2144
childname: 1616252417693_704b561da7eade68b91360372f864032.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1616252417693_704b561da7eade68b91360372f864032.exe
drop_type:
name:
noNeedLine:
path:
pid: 2616

Summary

buffer: C:\ProgramData\qmtlis.exe
processid: 2736
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft® Windows® Operating System

Dropped Unsafe

analysis_result: Trojan.Win32.Agent.nezvfi
create: 0
how: write
md5: d66972906855e2ca96a2b5c4b9667f6c
name: qmtlis.exe
new_size: 339KB (347896bytes)
operation: modify file
path: C:\ProgramData\qmtlis.exe
processid: 2144
processname: 1616252417693_704b561da7eade68b91360372f864032.exe
sha1: b8aadca74a477183b4c8b82fbdb21254e3d1b7f1
sha256: 5e11e5cf657c48d16edb8ad6d1444f4921786138983e931494fdf4997a80cee0
size: 347896
this_path: /data/cuckoo/storage/analyses/7000214/files/1000/qmtlis.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Packed.Win32.Krap.jc
create: 0
how: write
md5: 751cb36cbed40e557692e663cc678f45
name: Mira.h
new_size: 380KB (389390bytes)
operation: modify file
path: C:\ProgramData\Saaaalamm\Mira.h
processid: 2144
processname: 1616252417693_704b561da7eade68b91360372f864032.exe
sha1: 32c77583357e70ae7ead25dfa39578b4c9d47d17
sha256: 8c22533207ec41f971f8985b7566be3ce5d73d0f50a96817d7f038aca3326d20
size: 389390
this_path: /data/cuckoo/storage/analyses/7000214/files/1001/Mira.h
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Packed.Win32.Krap.jc
create: 0
how: write
md5: 96b713ded292b4ec4c9072bf938a146a
name: $Recycle.Bin .exe
new_size: 720KB (737298bytes)
operation: modify file
path: C:\$Recycle.Bin .exe
processid: 2736
processname: qmtlis.exe
sha1: 3f96b53d7cb3b84004ffafff8266dff6bff58068
sha256: 9fd76b2df58ca478cec0e0dea2b58a5486a66c8ecb9395b6efb8332ea41efffd
size: 737298
this_path: /data/cuckoo/storage/analyses/7000214/files/1002/$Recycle.Bin .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Packed.Win32.Krap.jc
create: 0
how: write
md5: 8a08a9cd41e926ecd4b31671b547d692
name: Documents and Settings .exe
new_size: 720KB (737298bytes)
operation: modify file
path: C:\Documents and Settings .exe
processid: 2736
processname: qmtlis.exe
sha1: 5c44fb72fb9230e7b159f0876a162a2407968d98
sha256: ed0098a6ea2a9c64a95e81bab4db38bfb9c48f3567301585568bf2fac4336797
size: 737298
this_path: /data/cuckoo/storage/analyses/7000214/files/1003/Documents and Settings .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Packed.Win32.Krap.jc
create: 0
how: write
md5: d5abe2edf2686bff551a263754c27b6c
name: HOITMDMPMEX .exe
new_size: 720KB (737298bytes)
operation: modify file
path: C:\HOITMDMPMEX .exe
processid: 2736
processname: qmtlis.exe
sha1: 402108f274dd53588b5fb4c77b28d62448dc9c8f
sha256: cb79b8b5da4585662e6f5e30dff52403185c234dfce2a8cdd60acd278ed18034
size: 737298
this_path: /data/cuckoo/storage/analyses/7000214/files/1004/HOITMDMPMEX .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Packed.Win32.Krap.jc
create: 0
how: write
md5: d4c3feece33119b5a87fe02d88318f7e
name: ibRjcPLqul .exe
new_size: 720KB (737298bytes)
operation: modify file
path: C:\ibRjcPLqul .exe
processid: 2736
processname: qmtlis.exe
sha1: f6a1571ba041cbe00ff8828f75bad6b282e0dd2d
sha256: 1d60dc7b4cb9fd68105a360ea50a2d26828095a0168df44dc26d3e956e0df6d0
size: 737298
this_path: /data/cuckoo/storage/analyses/7000214/files/1005/ibRjcPLqul .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Packed.Win32.Krap.jc
create: 0
how: write
md5: be4349c9e72262cc26a35abe3ee5c59e
name: mnlsx .exe
new_size: 720KB (737298bytes)
operation: modify file
path: C:\mnlsx .exe
processid: 2736
processname: qmtlis.exe
sha1: 0d35d9eabb0768590393a296f3ddbe9a476ffd6d
sha256: 536723ac4ce313484d894ba995f7d9e58f4616cbad6c176aeb531ad399974ea6
size: 737298
this_path: /data/cuckoo/storage/analyses/7000214/files/1006/mnlsx .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Packed.Win32.Krap.jc
create: 0
how: write
md5: 4c0d4c0107ccd6b48a8b0475cbe718db
name: MSOCache .exe
new_size: 720KB (737298bytes)
operation: modify file
path: C:\MSOCache .exe
processid: 2736
processname: qmtlis.exe
sha1: 424dedfc281db216fc8ac8ef0f975433831b62f0
sha256: d8e10c75dc2f77affe867474063ddd1085370184d792fcae0ab692468efc1234
size: 737298
this_path: /data/cuckoo/storage/analyses/7000214/files/1007/MSOCache .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Packed.Win32.Krap.jc
create: 0
how: write
md5: c801704f1da0a850ca5147285b6f83c1
name: pagefile.sys .exe
new_size: 720KB (737298bytes)
operation: modify file
path: C:\pagefile.sys .exe
processid: 2736
processname: qmtlis.exe
sha1: 4d7296d8fec5f982c36e95c515feb622d1071ee6
sha256: 8176a6bb713abf75eb2f53cadb338130d6a776404692e2036f6dda8cb2af0a10
size: 737298
this_path: /data/cuckoo/storage/analyses/7000214/files/1008/pagefile.sys .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Packed.Win32.Krap.jc
create: 0
how: write
md5: 4da98085c789231965cd4287fa874724
name: PerfLogs .exe
new_size: 625KB (640283bytes)
operation: modify file
path: C:\PerfLogs .exe
processid: 2736
processname: qmtlis.exe
sha1: 274b28786f22dd657faae335a65e317d44f431d4
sha256: 6f45ba35d78c20cb25c101f5af9ab2fffb7e376064b2a2c571772293edbcf045
size: 640283
this_path: /data/cuckoo/storage/analyses/7000214/files/1009/PerfLogs .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Malicious

attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating the file system
num: 25
process_id: 2144
process_name: 1616252417693_704b561da7eade68b91360372f864032.exe
rulename: Enumerate files
attck_tactics: Defense evasion
level: 2
matchedinfo: Modifies the "show hidden files" setting in order to hide files
num: 175
process_id: 2144
process_name: 1616252417693_704b561da7eade68b91360372f864032.exe
rulename: Query hidden-file setting
attck_tactics: Persistence
level: 2
matchedinfo: The malware modifies the registry so that it starts automatically with the system, in order to maintain long-term control of or residence on the system
num: 8
process_id: 2736
process_name: qmtlis.exe
rulename: Write autostart registry key, add autostart entry 2
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating the file system
num: 18
process_id: 2736
process_name: qmtlis.exe
rulename: Enumerate files