VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Basic Information

file name: 00共和国之辉
file size: 473594
file type: application/x-dosexec
MD5: 57c7a6af5882f8d155f5684161f92adc
sha1: a1c1def20a946f83fed13b1112cf5439fd987deb

 CreateProcess

ApplicationName:
CmdLine:
childid: 2256
childname: 1620779431984_57c7a6af5882f8d155f5684161f92adc.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620779431984_57c7a6af5882f8d155f5684161f92adc.exe
drop_type:
name:
noNeedLine:
path:
pid: 2476

 Dropped Unsave

analysis_result: Backdoor.Win32.Delf.cst
create: 0
how: copy
md5: 57c7a6af5882f8d155f5684161f92adc
name: DAoC fix.exe
new_size: 462KB (473594bytes)
operation: copy and overwrite file
path: C:\Windows\win32dc\DAoC fix.exe
processid: 2256
processname: 1620779431984_57c7a6af5882f8d155f5684161f92adc.exe
sha1: a1c1def20a946f83fed13b1112cf5439fd987deb
sha256: 22418192eda6806b8bb51e6325d0f7474d08887324c13f005a6512e40ca49310
size: 473594
this_path: /data/cuckoo/storage/analyses/2000756/files/1000/DAoC fix.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: Backdoor.Win32.Delf.cst
create: 0
how: write
md5: 8c597517d30a0cd30df2be77542ed066
name: FlatOut + nocd.exe
new_size: 465KB (476667bytes)
operation: modify file
path: C:\Windows\win32dc\FlatOut + nocd.exe
processid: 2256
processname: 1620779431984_57c7a6af5882f8d155f5684161f92adc.exe
sha1: 817021f424472e47d53a2d773de72e3128bd63ce
sha256: 9c81634c0817ef58d896ad1587877f095325aab5f2bf906c1ae637d40a21c1aa
size: 476667
this_path: /data/cuckoo/storage/analyses/2000756/files/1001/FlatOut + nocd.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: Backdoor.Win32.Delf.cst
create: 0
how: write
md5: ccdf5287929248e58571504d50a891bd
name: Quake3 trainer.exe
new_size: 464KB (475643bytes)
operation: modify file
path: C:\Windows\win32dc\Quake3 trainer.exe
processid: 2256
processname: 1620779431984_57c7a6af5882f8d155f5684161f92adc.exe
sha1: a4988d0f475fe79dbfd79ab8f090b893e84c7536
sha256: ca60884c1552dfc582839efc793670eb3dab7aea37f7230c5057db1c4c7dbbf3
size: 475643
this_path: /data/cuckoo/storage/analyses/2000756/files/1002/Quake3 trainer.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: Backdoor.Win32.Delf.cst
create: 0
how: copy
md5: 57c7a6af5882f8d155f5684161f92adc
name: UT2004 hack.exe
new_size: 462KB (473594bytes)
operation: copy and overwrite file
path: C:\Windows\win32dc\UT2004 hack.exe
processid: 2256
processname: 1620779431984_57c7a6af5882f8d155f5684161f92adc.exe
sha1: a1c1def20a946f83fed13b1112cf5439fd987deb
sha256: 22418192eda6806b8bb51e6325d0f7474d08887324c13f005a6512e40ca49310
size: 473594
this_path: /data/cuckoo/storage/analyses/2000756/files/1003/UT2004 hack.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: Backdoor.Win32.Delf.cst
create: 0
how: write
md5: 33a657c8467e08c8856fcc95eda9e96e
name: Quake3_hack.exe
new_size: 463KB (474619bytes)
operation: modify file
path: C:\Windows\win32dc\Quake3_hack.exe
processid: 2256
processname: 1620779431984_57c7a6af5882f8d155f5684161f92adc.exe
sha1: e293e85e9932f75344defea63b44403f1574d98d
sha256: dbcf3014609c902f9a03347a8e392b0ec2a219f9486fef726669fb32df28e933
size: 474619
this_path: /data/cuckoo/storage/analyses/2000756/files/1004/Quake3_hack.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: Backdoor.Win32.Delf.cst
create: 0
how: copy
md5: 57c7a6af5882f8d155f5684161f92adc
name: BattleField 1942(cdfix).exe
new_size: 462KB (473594bytes)
operation: copy and overwrite file
path: C:\Windows\win32dc\BattleField 1942(cdfix).exe
processid: 2256
processname: 1620779431984_57c7a6af5882f8d155f5684161f92adc.exe
sha1: a1c1def20a946f83fed13b1112cf5439fd987deb
sha256: 22418192eda6806b8bb51e6325d0f7474d08887324c13f005a6512e40ca49310
size: 473594
this_path: /data/cuckoo/storage/analyses/2000756/files/1005/BattleField 1942(cdfix).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: Backdoor.Win32.Delf.cst
create: 0
how: write
md5: 4ca0341b38e2c5a987317fcdcbcf6d27
name: Doom 3 cdfix.exe
new_size: 466KB (477691bytes)
operation: modify file
path: C:\Windows\win32dc\Doom 3 cdfix.exe
processid: 2256
processname: 1620779431984_57c7a6af5882f8d155f5684161f92adc.exe
sha1: b8b2203bf0055c5170f5dcebc8cb26655c73e9c6
sha256: ce60c63f95da8a617a794877f5edcfb1dd40af414ccceebff09b6f2fd457ad25
size: 477691
this_path: /data/cuckoo/storage/analyses/2000756/files/1006/Doom 3 cdfix.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: Backdoor.Win32.Delf.cst
create: 0
how: write
md5: 47714115a58e8b512fec916c90ba0290
name: BattleField 1942 trainer.exe
new_size: 463KB (474619bytes)
operation: modify file
path: C:\Windows\win32dc\BattleField 1942 trainer.exe
processid: 2256
processname: 1620779431984_57c7a6af5882f8d155f5684161f92adc.exe
sha1: 095d75f52f36c90191a14d94cb59d6fe43647e6e
sha256: 54b58fcf6d67d478af60b4d2066afa7e32ad30740c976295ac980a5b5ed5db6c
size: 474619
this_path: /data/cuckoo/storage/analyses/2000756/files/1007/BattleField 1942 trainer.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: Backdoor.Win32.Delf.cst
create: 0
how: write
md5: 5f67ffe34d0f1c028511b76f63cec8bb
name: FlatOut cheat.exe
new_size: 464KB (475643bytes)
operation: modify file
path: C:\Windows\win32dc\FlatOut cheat.exe
processid: 2256
processname: 1620779431984_57c7a6af5882f8d155f5684161f92adc.exe
sha1: 96e56c009593783db0c1721e9b3988481d5ae949
sha256: d73fc5629cfb267a2ddc75b807e749ea6c732fbb36ff215311614ecebb899f22
size: 475643
this_path: /data/cuckoo/storage/analyses/2000756/files/1008/FlatOut cheat.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: Backdoor.Win32.Delf.cst
create: 0
how: write
md5: 9b68f3faf741d3eb4f776f33d0a12f3b
name: BattleField 1942_trainer.exe
new_size: 466KB (477691bytes)
operation: modify file
path: C:\Windows\win32dc\BattleField 1942_trainer.exe
processid: 2256
processname: 1620779431984_57c7a6af5882f8d155f5684161f92adc.exe
sha1: d5160881615be0c4bda52fdf2d14dee561380e57
sha256: 46b71343ab768f7ada1948938e1d60913ed67c4be0d016fed47f5ad2e4e2b40b
size: 477691
this_path: /data/cuckoo/storage/analyses/2000756/files/1009/BattleField 1942_trainer.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows

 Malicious

attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into a system directory in order to hide the malicious files
num: 9
process_id: 2256
process_name: 1620779431984_57c7a6af5882f8d155f5684161f92adc.exe
rulename: Copy file to system directory