VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Basic Information

file name: 002.png
file size: 36864
file type: application/x-dosexec
MD5: 105665422eafc3e3af1f0ce5a41ba858
sha1: 781a79dac49121068cc5e3dbd3cef77e4d191bff

 CreateProcess

ApplicationName:
CmdLine: rundll32 C:\Users\ADMINI~1\AppData\Local\Temp\1618617644437_105665422eafc3e3af1f0ce5a41ba858.dll,#1 Install
childid: 2880
childname: rundll32.exe
childpath: C:\Windows\SysWOW64\rundll32.exe
drop_type:
name: load-x86.exe
noNeedLine:
path: C:\FQHATBTUYH\bin\load-x86.exe
pid: 3020
ApplicationName:
CmdLine: rundll32 C:\Users\ADMINI~1\AppData\Local\Temp\1618617644437_105665422eafc3e3af1f0ce5a41ba858.dll,#2 Install
childid: 808
childname: rundll32.exe
childpath: C:\Windows\SysWOW64\rundll32.exe
drop_type:
name: load-x86.exe
noNeedLine:
path: C:\FQHATBTUYH\bin\load-x86.exe
pid: 3020
ApplicationName:
CmdLine:
childid: 3020
childname: load-x86.exe
childpath: C:\FQHATBTUYH\bin\load-x86.exe
drop_type:
name:
noNeedLine:
path:
pid: 2088

 Malicious

attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerating the processes on the system can be used to evade specific antivirus software, evade virtual machines, etc.
num: 57
process_id: 808
process_name: rundll32.exe
rulename: Enumerates processes on the system
attck_tactics: Other malicious behavior
level: 1
matchedinfo: Malware modifies memory attributes in order to decrypt and execute malicious code in memory
num: 112
process_id: 808
process_name: rundll32.exe
rulename: Changes a memory address to readable, writable and executable