VirSCAN

1, You can UPLOAD any files, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.


Basic Information

file name: 00红高粱
file size: 52259
file type: application/x-dosexec
MD5: ec18ec0805bb132d0cc59ee0edf35b9d
sha1: 4581a733671eb3da3d397bd95b3d9148a201c0d1

 CreateProcess

ApplicationName: C:\Users\Administrator\AppData\Local\Temp\lossy.exe
CmdLine: "C:\Users\ADMINI~1\AppData\Local\Temp\lossy.exe"
childid: 2760
childname: lossy.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\lossy.exe
drop_type: 1
name: 1620613844876_ec18ec0805bb132d0cc59ee0edf35b9d.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620613844876_ec18ec0805bb132d0cc59ee0edf35b9d.exe
pid: 3668
ApplicationName:
CmdLine:
childid: 3668
childname: 1620613844876_ec18ec0805bb132d0cc59ee0edf35b9d.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620613844876_ec18ec0805bb132d0cc59ee0edf35b9d.exe
drop_type:
name:
noNeedLine:
path:
pid: 2664

 Summary

buffer: 0
processid: 2760
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lossy_RASMANCS
type: REG_DWORD
valuename: EnableFileTracing
buffer: 0
processid: 2760
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lossy_RASMANCS
type: REG_DWORD
valuename: EnableConsoleTracing
buffer: 4294901760
processid: 2760
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lossy_RASMANCS
type: REG_DWORD
valuename: FileTracingMask
buffer: 4294901760
processid: 2760
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lossy_RASMANCS
type: REG_DWORD
valuename: ConsoleTracingMask
buffer: 1048576
processid: 2760
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lossy_RASMANCS
type: REG_DWORD
valuename: MaxFileSize
buffer: %windir%\tracing\x00
processid: 2760
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lossy_RASMANCS
type: REG_EXPAND_SZ
valuename: FileDirectory
buffer: 1
processid: 2760
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_DWORD
valuename: WpadDecisionReason
buffer: e\x10\x15\x82E\xd7\x01
processid: 2760
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_BINARY
valuename: WpadDecisionTime
buffer: 3
processid: 2760
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_DWORD
valuename: WpadDecision
buffer: 网络 2
processid: 2760
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_SZ
valuename: WpadNetworkName
buffer: 1
processid: 2760
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_DWORD
valuename: WpadDecisionReason
buffer: e\x10\x15\x82E\xd7\x01
processid: 2760
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_BINARY
valuename: WpadDecisionTime
buffer: 3
processid: 2760
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_DWORD
valuename: WpadDecision
buffer: F\x00\x00\x00\x0e\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00 e\x10\x15\x82E\xd7\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\xc0\xa88\xcb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\xa5E\xe7~\xbc)\x1fn\x0b\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xc0\xa88\xcb\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\xa5E\xe7~\xbc)\x1fn\x0b\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x0c\xc7&\x00\x00H\xb0\x83\x00\xd8\x0f\x83\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
processid: 2760
szSubkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
type: REG_BINARY
valuename: DefaultConnectionSettings
buffer: {42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
processid: 2760
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
type: REG_SZ
valuename: WpadLastNetwork

 Dropped Unsave

analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 49691aad8279090213e98809b77e030c
name: lossy.exe
new_size: 51KB (52447bytes)
operation: modify file
path: C:\Users\Administrator\AppData\Local\Temp\lossy.exe
processid: 3668
processname: 1620613844876_ec18ec0805bb132d0cc59ee0edf35b9d.exe
sha1: caff415cfb1fd976652fd822f59f68d09fb6be17
sha256: 725ad1117fcaa754703e944f31287d07806ed6146aeb01e5f7e3c091d36fc714
size: 52447
this_path: /data/cuckoo/storage/analyses/2000518/files/1000/lossy.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows

 Malicious

attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program creates a hidden process so that it can run covertly in the background
num: 69
process_id: 3668
process_name: 1620613844876_ec18ec0805bb132d0cc59ee0edf35b9d.exe
rulename: Create hidden child process
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malicious program creates a network connection in order to communicate over the network
num: 20023
process_id: 2760
process_name: lossy.exe
rulename: Create network socket connection
attck_tactics: Persistence
level: 1
matchedinfo: The malicious program opens the Service Control Manager in order to control services
num: 20181
process_id: 2760
process_name: lossy.exe
rulename: Open Service Control Manager
attck_tactics: Execution
level: 2
matchedinfo: The malicious program opens a thread in order to manipulate other threads
num: 20195
process_id: 2760
process_name: lossy.exe
rulename: Open other threads
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program obtains the user's network adapter information in order to collect sensitive information
num: 20405
process_id: 2760
process_name: lossy.exe
rulename: Collect computer network adapter information
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 20453
process_id: 2760
process_name: lossy.exe
rulename: Enumerate files