VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Basic Information

file name: 00帝霸
file size: 327689
file type: application/x-dosexec
MD5: 28130278a3c2c4defcd05cb2261eae91
sha1: 7a13c505c08f64a76d722067d3f9df93e3db351f

 CreateProcess

ApplicationName:
CmdLine:
childid: 1936
childname: 1620694827128_28130278a3c2c4defcd05cb2261eae91.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620694827128_28130278a3c2c4defcd05cb2261eae91.exe
drop_type:
name:
noNeedLine:
path:
pid: 260
ApplicationName:
CmdLine:
childid: 2992
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620694827128_28130278a3c2c4defcd05cb2261eae91.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620694827128_28130278a3c2c4defcd05cb2261eae91.exe
pid: 1936
ApplicationName:
CmdLine:
childid: 3020
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620694827128_28130278a3c2c4defcd05cb2261eae91.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620694827128_28130278a3c2c4defcd05cb2261eae91.exe
pid: 1936
ApplicationName:
CmdLine:
childid: 1432
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620694827128_28130278a3c2c4defcd05cb2261eae91.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620694827128_28130278a3c2c4defcd05cb2261eae91.exe
pid: 1936

 Dropped Unsave

analysis_result: Exploit.Win32.CVE-2016-7255.bh
create: 0
how: write
md5: bf82e47fae46ccb029a8009d47c90558
name: rnmsbu.exe
new_size: 320KB (327689bytes)
operation: 修改文件
path: C:\Users\Administrator\AppData\Roaming\Microsoft\rnmsbu.exe
processid: 1936
processname: 1620694827128_28130278a3c2c4defcd05cb2261eae91.exe
sha1: 7f5ae17bae72e8875bc18aed8054a126ac60f580
sha256: 3acdd58580d6fa5567d3498f28ecac1061bd6ffd617b47945d18c4529b59d665
size: 327689
this_path: /data/cuckoo/storage/analyses/5000627/files/1000/rnmsbu.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows

 Malicious

attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 2992
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 2992
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 2992
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 3020
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 3020
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 3020
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 1432
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 1432
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 1432
process_name: nslookup.exe
rulename: 创建网络套接字连接