VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Basic Information

file name: 00白莲花
file size: 252937
file type: application/x-dosexec
MD5: c7312ad5b44dbadaa72b05ca35503430
sha1: 715c499e98812967d6d29a91b38b921e9783f529

 CreateProcess

ApplicationName:
CmdLine:
childid: 1504
childname: 1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
drop_type:
name:
noNeedLine:
path:
pid: 1148
ApplicationName:
CmdLine:
childid: 1904
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
pid: 1504
ApplicationName:
CmdLine:
childid: 2200
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
pid: 1504
ApplicationName:
CmdLine:
childid: 2204
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
pid: 1504
ApplicationName:
CmdLine:
childid: 2032
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
pid: 1504
ApplicationName:
CmdLine:
childid: 2760
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
pid: 1504
ApplicationName:
CmdLine:
childid: 2864
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
pid: 1504

 Dropped Unsave

analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 1c6b6e556f8bd00a629f29f5c604a895
name: isggkj.exe
new_size: 247KB (252937bytes)
operation: 修改文件
path: C:\Users\Administrator\AppData\Roaming\Microsoft\isggkj.exe
processid: 1504
processname: 1621189809511_c7312ad5b44dbadaa72b05ca35503430.exe
sha1: 5f915bbaec5b7f128d5ef83c40839da6cc595b04
sha256: 1ee9b8440ca4a5d3549e31307c85ae4ee27fe848451aad144372d00b06461604
size: 252937
this_path: /data/cuckoo/storage/analyses/7000697/files/1000/isggkj.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows

 Malicious

attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 1904
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 1904
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 1904
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 2200
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 2200
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 2200
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 2204
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 2204
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 2204
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 2032
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 2032
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 2032
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 2760
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 2760
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 2760
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 2864
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 2864
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 2864
process_name: nslookup.exe
rulename: 创建网络套接字连接