VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Basic Information

file name: 00人面桃花
file size: 78275
file type: application/x-dosexec
MD5: d89fe27d640366438e5f9ca8429037c7
sha1: abe775fc49c8e0b926076350d906ba400a012146

 CreateProcess

ApplicationName:
CmdLine:
childid: 1388
childname: load-x86.exe
childpath: C:\SDGAUUERDE\bin\load-x86.exe
drop_type:
name:
noNeedLine:
path:
pid: 2928

 Behavior_analysis

message: Attempts to evade sandbox detection by sleeping for a long time
name: Long sleep
szSubkey:
score: 2

 Malicious

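attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program calls key APIs to obtain the system user name in order to collect user information
num: 286
process_id: 1388
process_name: load-x86.exe
rulename: Get current user name

attck_tactics: Other malicious behavior
level: 2
matchedinfo: Calls WriteProcessMemory to write data into another process's address space in order to inject shellcode or a malicious DLL.
num: 298
process_id: 1388
process_name: load-x86.exe
rulename: Write data to a remote process

attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerates the processes on the system, which can be used for evading specific antivirus software, virtual machine evasion, etc.
num: 371
process_id: 1388
process_name: load-x86.exe
rulename: Enumerate processes on the system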