VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Basic Information

file name: 00蜘蛛侠
file size: 61957
file type: application/vnd.ms-excel
MD5: 15dc263e54356c99f97e261e60c8cdf6
sha1: 2035b13adc626cceae7d0fd303a1aa9334655336

 CreateProcess

ApplicationName:
CmdLine: "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /Embedding
childid: 1852
childname: EXCEL.EXE
childpath: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
drop_type:
name: EXCEL.EXE
noNeedLine:
path: c:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
pid: 1244
ApplicationName:
CmdLine:
childid: 1244
childname: EXCEL.EXE
childpath: c:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
drop_type:
name:
noNeedLine:
path:
pid: 2404

 Summary

buffer: Off
processid: 1852
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
type: REG_SZ
valuename: 2052
buffer: Off
processid: 1852
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
type: REG_SZ
valuename: 1033
buffer: On
processid: 1852
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
type: REG_SZ
valuename: 2052
buffer: On
processid: 1852
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
type: REG_SZ
valuename: 1033
buffer: 1387397256
processid: 1852
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004119210000000000000000F01FEC\Usage
type: REG_DWORD
valuename: EXCELFiles
buffer: 1387397145
processid: 1852
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109610040800000000000F01FEC\Usage
type: REG_DWORD
valuename: EXCELFilesIntl_2052

 Dropped_Save

analysis_result: 安全
create: 0
how: write
md5: fbccf14d504b7b2dbcb5a5bda75bd93b
name: Zone.Identifier
new_size: 26bytes
operation: 修改文件
path: C:\Users\Administrator\AppData\Local\Temp\OICE_F3B5C239-9A0F-401E-8682-5078FB8A38CC.0\5D8C213F.xls:Zone.Identifier
processid: 1244
processname: EXCEL.EXE
sha1: d59fc84cdd5217c6cf74785703655f78da6b582b
sha256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
size: 26
this_path: /data/cuckoo/storage/analyses/2000980/files/1003/Zone.Identifier
type: ASCII text, with CRLF line terminators

 Dropped Unsave

analysis_result: HEUR:Trojan-Downloader.MSOffice.SLoad.gen
create: 0
how: write
md5: 15dc263e54356c99f97e261e60c8cdf6
name: 1621285232653_15dc263e54356c99f97e261e60c8cdf6.xls
new_size: 60KB (61957bytes)
operation: 修改文件
path: C:\Users\Administrator\AppData\Local\Temp\Excel\1621285232653_15dc263e54356c99f97e261e60c8cdf6.xls
processid: 1244
processname: EXCEL.EXE
sha1: 2035b13adc626cceae7d0fd303a1aa9334655336
sha256: 23ea2798b17786edcc4fe6ada188252895ec5b1142b22d25a61bef1048df6ca9
size: 61957
this_path: /data/cuckoo/storage/analyses/2000980/files/1000/1621285232653_15dc263e54356c99f97e261e60c8cdf6.xls
type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Apr 24 06:37:02 2020, Last Saved Time/Date: Fri Apr 24 06:37:04 2020, Security: 1
analysis_result: HEUR:Trojan-Downloader.MSOffice.SLoad.gen
create: 0
how: write
md5: 15dc263e54356c99f97e261e60c8cdf6
name: 5D8C213F.xls
new_size: 60KB (61957bytes)
operation: 修改文件
path: C:\Users\Administrator\AppData\Local\Temp\OICE_F3B5C239-9A0F-401E-8682-5078FB8A38CC.0\5D8C213F.xls
processid: 1244
processname: EXCEL.EXE
sha1: 2035b13adc626cceae7d0fd303a1aa9334655336
sha256: 23ea2798b17786edcc4fe6ada188252895ec5b1142b22d25a61bef1048df6ca9
size: 61957
this_path: /data/cuckoo/storage/analyses/2000980/files/1002/5D8C213F.xls
type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Apr 24 06:37:02 2020, Last Saved Time/Date: Fri Apr 24 06:37:04 2020, Security: 1