VirSCAN

1. You can upload any file, but note the 20 MB limit per file.
2. VirSCAN supports ZIP and RAR archives with fewer than 20 files in the archive.
3. VirSCAN supports the standard passwords 'infected' and 'virus' for archives.

7fd18e55aca675553ff415537d7a1c94    Hybrid Analysis report

Basic information

File name: 7fd18e55aca675553ff415537d7a1c94
File size: 1115648
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Submission time: 2019-07-29 08:20:46
MD5: 7fd18e55aca675553ff415537d7a1c94
sha1: c9cca146adda74dc5308a79a1ba0c8f5b04d654e
sha256: 022e844a6cd92f865ae20923a17ba5041a3999e857b0253a0c367ed2a0221889
enviorment_description: Windows 7 32 bit (HWP Support)
threat_score: 100
threat_level: 2
verdict: malicious
total_processes: 1
total_signatures: 39
file_analysis: 3
mitre_attcks:
tactic: Execution
technique: Service Execution
attck_id: T1035
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1035
malicious_identifiers_count: 0
suspicious_identifiers_count: 1
informative_identifiers_count: 0
tactic: Persistence
technique: Hooking
attck_id: T1179
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1179
malicious_identifiers_count: 0
suspicious_identifiers_count: 1
informative_identifiers_count: 0
tactic: Persistence
technique: Bootkit
attck_id: T1067
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1067
malicious_identifiers_count: 1
suspicious_identifiers_count: 0
informative_identifiers_count: 0
tactic: Persistence
technique: Kernel Modules and Extensions
attck_id: T1215
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1215
malicious_identifiers_count: 0
suspicious_identifiers_count: 0
informative_identifiers_count: 1
tactic: Privilege Escalation
technique: Hooking
attck_id: T1179
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1179
malicious_identifiers_count: 0
suspicious_identifiers_count: 1
informative_identifiers_count: 0
tactic: Privilege Escalation
technique: Process Injection
attck_id: T1055
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1055
malicious_identifiers_count: 0
suspicious_identifiers_count: 2
informative_identifiers_count: 0
tactic: Defense Evasion
technique: Process Injection
attck_id: T1055
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1055
malicious_identifiers_count: 0
suspicious_identifiers_count: 2
informative_identifiers_count: 0
tactic: Credential Access
technique: Hooking
attck_id: T1179
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1179
malicious_identifiers_count: 0
suspicious_identifiers_count: 1
informative_identifiers_count: 0
tactic: Discovery
technique: Application Window Discovery
attck_id: T1010
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1010
malicious_identifiers_count: 0
suspicious_identifiers_count: 0
informative_identifiers_count: 1
tactic: Discovery
technique: System Time Discovery
attck_id: T1124
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1124
malicious_identifiers_count: 0
suspicious_identifiers_count: 0
informative_identifiers_count: 1
tactic: Discovery
technique: Query Registry
attck_id: T1012
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1012
malicious_identifiers_count: 0
suspicious_identifiers_count: 3
informative_identifiers_count: 0
tactic: Discovery
technique: Peripheral Device Discovery
attck_id: T1120
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1120
malicious_identifiers_count: 1
suspicious_identifiers_count: 0
informative_identifiers_count: 2
tactic: Discovery
technique: File and Directory Discovery
attck_id: T1083
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1083
malicious_identifiers_count: 1
suspicious_identifiers_count: 0
informative_identifiers_count: 0
tactic: Discovery
technique: System Information Discovery
attck_id: T1082
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1082
malicious_identifiers_count: 0
suspicious_identifiers_count: 1
informative_identifiers_count: 0
tactic: Lateral Movement
technique: Remote Desktop Protocol
attck_id: T1076
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1076
malicious_identifiers_count: 0
suspicious_identifiers_count: 1
informative_identifiers_count: 0
tactic: Collection
technique: Clipboard Data
attck_id: T1115
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1115
malicious_identifiers_count: 0
suspicious_identifiers_count: 1
informative_identifiers_count: 0
tactic: Exfiltration
technique: Data Compressed
attck_id: T1002
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1002
malicious_identifiers_count: 0
suspicious_identifiers_count: 0
informative_identifiers_count: 1

Document analysis report

uuid: java:java.util.UUID
xmlns: http://www.misp-project.org/
Event
id: 3d00996a-3cd7-4c45-afea-86089d76f769
date: 2019-06-27
info: Falcon Sandbox auto-generated for "022e844a6cd92f865ae20923a17ba5041a3999e857b0253a0c367ed2a0221889"
analysis: 2
distribution: 1
published: 1
Attribute
category: External analysis
type: link
value: https://www.hybrid-analysis.com/search?query=022e844a6cd92f865ae20923a17ba5041a3999e857b0253a0c367ed2a0221889
distribution: 1
category: External analysis
type: comment
value: Falcon Sandbox v8.30 Copyright 2019 Hybrid Analysis GmbH, All Rights Reserved, www.payload-security.com
distribution: 1
category: Payload delivery
type: filename|md5
value: 022e844a6cd92f865ae20923a17ba5041a3999e857b0253a0c367ed2a0221889|7fd18e55aca675553ff415537d7a1c94
distribution: 1
category: Payload delivery
type: filename|sha1
value: 022e844a6cd92f865ae20923a17ba5041a3999e857b0253a0c367ed2a0221889|c9cca146adda74dc5308a79a1ba0c8f5b04d654e
distribution: 1
category: Payload delivery
type: filename|sha256
value: 022e844a6cd92f865ae20923a17ba5041a3999e857b0253a0c367ed2a0221889|022e844a6cd92f865ae20923a17ba5041a3999e857b0253a0c367ed2a0221889
distribution: 1
category: Payload delivery
type: filename|sha512
value: 022e844a6cd92f865ae20923a17ba5041a3999e857b0253a0c367ed2a0221889|6a911ba8ef500454ff39cad80202881c12ed7adccc138fdace116b508af673fe0d6dfbb4e45448837121e60a4fdaa3f16f4a38f8cebaa8b6e8514ad495ce9adb
distribution: 1