VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Basic Information

file name: bfsvc.exe
file size: 54272
file type: application/x-dosexec
MD5: 5da6caedd6762ec6d433e91e8f2b79d8
sha1: 0a6eddf3d329719ca728b703b208684abb69c649

 CreateProcess

ApplicationName:
CmdLine:
childid: 2092
childname: 1621027822874_5da6caedd6762ec6d433e91e8f2b79d8.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1621027822874_5da6caedd6762ec6d433e91e8f2b79d8.exe
drop_type:
name:
noNeedLine:
path:
pid: 2904

 Behavior_analysis

message: 企图通过长时间休眠躲避沙箱检测
name: 长时间休眠
szSubkey:
score: 2

 Malicious

attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意软件通过修改内存属性,以达到在内存中解密&执行恶意代码
num: 152
process_id: 2092
process_name: 1621027822874_5da6caedd6762ec6d433e91e8f2b79d8.exe
rulename: 修改内存地址为可读可写可执行
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 一般被用于文件的加密、数据的加密传输或可能被用于勒索者病毒中
num: 1068
process_id: 2092
process_name: 1621027822874_5da6caedd6762ec6d433e91e8f2b79d8.exe
rulename: 调用加密算法库