VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Basic Information

file name: 00越狱第四季
file size: 58368
file type: application/x-dosexec
MD5: 72a1fbef6f3f600634f9747d1d3a7dbd
sha1: cf89c9c6e949a551a1ea1cdc74fb4d955e15a23e

 CreateProcess

ApplicationName:
CmdLine:
childid: 1276
childname: 1618605037782_72a1fbef6f3f600634f9747d1d3a7dbd.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618605037782_72a1fbef6f3f600634f9747d1d3a7dbd.exe
drop_type:
name:
noNeedLine:
path:
pid: 2808

 Malicious

attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 22
process_id: 1276
process_name: 1618605037782_72a1fbef6f3f600634f9747d1d3a7dbd.exe
rulename: 遍历文件
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意软件通过修改内存属性,以达到在内存中解密&执行恶意代码
num: 150
process_id: 1276
process_name: 1618605037782_72a1fbef6f3f600634f9747d1d3a7dbd.exe
rulename: 修改内存地址为可读可写可执行
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 一般被用于文件的加密、数据的加密传输或可能被用于勒索者病毒中
num: 710
process_id: 1276
process_name: 1618605037782_72a1fbef6f3f600634f9747d1d3a7dbd.exe
rulename: 调用加密算法库
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 当前运行环境不符合时(如:检测到杀毒软件等),程序会主动退出达到规避检测的目的。恶意行为可能没有完全触发
num: 916
process_id: 1276
process_name: 1618605037782_72a1fbef6f3f600634f9747d1d3a7dbd.exe
rulename: 结束自身进程
attck_tactics: 防御逃逸
level: 2
matchedinfo: 检查程序运行时监视鼠标是否移动。一般被恶意软件用于沙盒逃逸
num: 916
process_id: 1276
process_name: 1618605037782_72a1fbef6f3f600634f9747d1d3a7dbd.exe
rulename: 获取当前鼠标位置