VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Basic Information

file name: 00纵横
file size: 40960
file type: application/x-dosexec
MD5: a05ea5ab8adadd1061f2656870d4ab6a
sha1: 9e3e9f17855ba6d585f6920b26abe13d335e950b

 CreateProcess

ApplicationName: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
CmdLine: "C:\Users\Administrator\AppData\Local\Temp\1618729218211_a05ea5ab8adadd1061f2656870d4ab6a.exe"
childid: 4364
childname: RegAsm.exe
childpath: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
drop_type:
name: 1618729218211_a05ea5ab8adadd1061f2656870d4ab6a.exe
noNeedLine: 1
path: C:\Users\Administrator\AppData\Local\Temp\1618729218211_a05ea5ab8adadd1061f2656870d4ab6a.exe
pid: 5040
ApplicationName:
CmdLine:
childid: 5040
childname: 1618729218211_a05ea5ab8adadd1061f2656870d4ab6a.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618729218211_a05ea5ab8adadd1061f2656870d4ab6a.exe
drop_type:
name:
noNeedLine:
path:
pid: 2932

 Malicious

attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过从资源段释放文件并运行的方式,以达到隐藏恶意代码的目的
num: 115
process_id: 5040
process_name: 1618729218211_a05ea5ab8adadd1061f2656870d4ab6a.exe
rulename: 从资源段释放文件并运行
attck_tactics: 其他恶意行为
level: 2
matchedinfo: 恶意程序通过从资源段释放资源到内存中,进行解密操作
num: 115
process_id: 5040
process_name: 1618729218211_a05ea5ab8adadd1061f2656870d4ab6a.exe
rulename: 加载资源到内存
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意软件通过修改内存属性,以达到在内存中解密&执行恶意代码
num: 398
process_id: 5040
process_name: 1618729218211_a05ea5ab8adadd1061f2656870d4ab6a.exe
rulename: 修改内存地址为可读可写可执行
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意软件通过修改内存属性,以达到在内存中解密&执行恶意代码
num: 6
process_id: 4364
process_name: RegAsm.exe
rulename: 修改内存地址为可读可写可执行
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 54
process_id: 4364
process_name: RegAsm.exe
rulename: 遍历文件