VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, The VirSCAN application can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.


Basic Information

file name: 00盗梦空间
file size: 1042899
file type: application/x-dosexec
MD5: 05298119cb7b5ea292c32a46d3165e28
sha1: b11cbeb42597ccc58074f298c5ed131259fc2044

CreateProcess

ApplicationName:
CmdLine:
childid: 1884
childname: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
drop_type:
name:
noNeedLine:
path:
pid: 1484

Dropped Unsave

analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: b8451227d7d1d7099fd1b378ff2f5b63
name: Half-Life 2 patch.exe
new_size: 1020KB (1044948bytes)
operation: modify file
path: C:\Windows\win32dc\Half-Life 2 patch.exe
processid: 1884
processname: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
sha1: 3387bd6acbe9da33c42a4cda5785c42237c857c8
sha256: 0399fbecb505bf60ab8935916c568e8cd811c0ee9e70a3775cac7edec331bdb6
size: 1044948
this_path: /data/cuckoo/storage/analyses/1001005/files/1000/Half-Life 2 patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: 8b46c28c5a3e77db6011e0e49d5633a3
name: Counter-Strike + codes.exe
new_size: 1020KB (1044948bytes)
operation: modify file
path: C:\Windows\win32dc\Counter-Strike + codes.exe
processid: 1884
processname: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
sha1: b6215e0f6aa94a1029f539b9127afd1fcbc3fa49
sha256: 10318f38df18d8aa27028552dd112182a21848b8692c6ac5a272f1aa6882718d
size: 1044948
this_path: /data/cuckoo/storage/analyses/1001005/files/1001/Counter-Strike + codes.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: 828a6f0d9b4585d625457c91afb9eefa
name: Half-Life 2 nocd.exe
new_size: 1022KB (1046996bytes)
operation: modify file
path: C:\Windows\win32dc\Half-Life 2 nocd.exe
processid: 1884
processname: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
sha1: 2435f89983c1d57d68f4a73a776c192a23668011
sha256: 42de01ee202cacaa517b7eb92f877df82aeac619282bf268eeb7fd88105fe09d
size: 1046996
this_path: /data/cuckoo/storage/analyses/1001005/files/1002/Half-Life 2 nocd.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: 27a06141dc6e355227ccf7b58346645b
name: Doom 3_trainer.exe
new_size: 1020KB (1044948bytes)
operation: modify file
path: C:\Windows\win32dc\Doom 3_trainer.exe
processid: 1884
processname: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
sha1: 98cc8ac166bae97b257f69d4e340bb7065792901
sha256: 4806a1bf8cd1255f3e6142f51c21468f376cab4be8d61c04373c6e7a242fc581
size: 1044948
this_path: /data/cuckoo/storage/analyses/1001005/files/1003/Doom 3_trainer.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: copy
md5: 05298119cb7b5ea292c32a46d3165e28
name: Counter-Strike_crack.exe
new_size: 1018KB (1042899bytes)
operation: copy and overwrite file
path: C:\Windows\win32dc\Counter-Strike_crack.exe
processid: 1884
processname: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
sha1: b11cbeb42597ccc58074f298c5ed131259fc2044
sha256: 04239563112d4f39972f490da7bed2d0da8e2f0a6fd1902bd3111ff9fa07a6c5
size: 1042899
this_path: /data/cuckoo/storage/analyses/1001005/files/1004/Counter-Strike_crack.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: a46f04c70b278752f92e38bd00278cfa
name: BattleField 1942(nocd).exe
new_size: 1019KB (1043924bytes)
operation: modify file
path: C:\Windows\win32dc\BattleField 1942(nocd).exe
processid: 1884
processname: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
sha1: cc563199bc10a94393b28b2b35275a081b573037
sha256: 49f3d3efcb7d2d65d4ffce671aab3cacbc1d5eef8fad20f59d8b54ee9bef9441
size: 1043924
this_path: /data/cuckoo/storage/analyses/1001005/files/1005/BattleField 1942(nocd).exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: 53155e753042d77b0805c451ea684088
name: Silent Hill 4 + nocd.exe
new_size: 1021KB (1045972bytes)
operation: modify file
path: C:\Windows\win32dc\Silent Hill 4 + nocd.exe
processid: 1884
processname: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
sha1: 7fd7de67770da2d66c06d6fe33bda381edc04357
sha256: 8f10346b26df1faca54be7104fdece47909705db88a8723ea1c5500397bc6079
size: 1045972
this_path: /data/cuckoo/storage/analyses/1001005/files/1006/Silent Hill 4 + nocd.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: 65bedc50e4e66a572a5214a3b0575b54
name: Counter-Strike fix.exe
new_size: 1018KB (1042900bytes)
operation: modify file
path: C:\Windows\win32dc\Counter-Strike fix.exe
processid: 1884
processname: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
sha1: 2cde05d247702c9b0959087bead3c0c8281cdf85
sha256: 2a770462116c51233d7e8a13e144805a57bad2f7842713ddea25c1c178ed6aa7
size: 1042900
this_path: /data/cuckoo/storage/analyses/1001005/files/1007/Counter-Strike fix.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: 51dcfb0306733aac0d7c654938a4dc5e
name: BattleField 1942_cheat.exe
new_size: 1018KB (1042900bytes)
operation: modify file
path: C:\Windows\win32dc\BattleField 1942_cheat.exe
processid: 1884
processname: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
sha1: a5e1f7c30119fedb4e18b5e400ede8e782e69f7e
sha256: 26b5baeb6e71ea4fc2135ec4751b9e92ace9705f6fe192174fb6c7bfc6bcc18f
size: 1042900
this_path: /data/cuckoo/storage/analyses/1001005/files/1008/BattleField 1942_cheat.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: copy
md5: 05298119cb7b5ea292c32a46d3165e28
name: Half-Life 2 hack.exe
new_size: 1018KB (1042899bytes)
operation: copy and overwrite file
path: C:\Windows\win32dc\Half-Life 2 hack.exe
processid: 1884
processname: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
sha1: b11cbeb42597ccc58074f298c5ed131259fc2044
sha256: 04239563112d4f39972f490da7bed2d0da8e2f0a6fd1902bd3111ff9fa07a6c5
size: 1042899
this_path: /data/cuckoo/storage/analyses/1001005/files/1009/Half-Life 2 hack.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

Malicious

attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 9
process_id: 1884
process_name: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
rulename: copy file to system directory
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malicious program creates network connections in order to communicate over the network
num: 233
process_id: 1884
process_name: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
rulename: create network socket connection
attck_tactics: Command and Control
level: 2
matchedinfo: The malicious program may connect over non-standard ports to carry out data theft
num: 233
process_id: 1884
process_name: 1621281609652_05298119cb7b5ea292c32a46d3165e28.exe
rulename: connect to non-standard port