VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.


Basic Information

file name: 00nana
file size: 415473
file type: application/x-dosexec
MD5: e75f56b7dd69a9e4fd7fffdb071332da
sha1: f471352c1dceac457e36622df6c1220b05a3677a

 CreateProcess

ApplicationName: C:\ProgramData\ktcss.exe
CmdLine:
childid: 2336
childname: ktcss.exe
childpath: C:\ProgramData\ktcss.exe
drop_type: 1
name: 1620561633286_e75f56b7dd69a9e4fd7fffdb071332da.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620561633286_e75f56b7dd69a9e4fd7fffdb071332da.exe
pid: 244
ApplicationName:
CmdLine:
childid: 244
childname: 1620561633286_e75f56b7dd69a9e4fd7fffdb071332da.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620561633286_e75f56b7dd69a9e4fd7fffdb071332da.exe
drop_type:
name:
noNeedLine:
path:
pid: 2736

 Summary

buffer: C:\ProgramData\ktcss.exe
processid: 2336
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft® Windows® Operating System

 Dropped Safe

analysis_result: Safe
create: 0
how: write
md5: a52d6cb53c4c31e9f5ad53a356adf9dd
name: Mira.h
new_size: 150KB (153811bytes)
operation: Modify file
path: C:\ProgramData\Saaaalamm\Mira.h
processid: 244
processname: 1620561633286_e75f56b7dd69a9e4fd7fffdb071332da.exe
sha1: 4e9b2d208dc3c3a6e23decb0a7d7381c73f7b101
sha256: f6bc441488529eadccfef115d11fa10c5cb8cb125b6c08c52a2bbc144bd4f7d8
size: 153811
this_path: /data/cuckoo/storage/analyses/448/files/1001/Mira.h
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 186f91ada45075df074cbb1e464df93d
name: $Recycle.Bin .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\$Recycle.Bin .exe
processid: 2336
processname: ktcss.exe
sha1: cb29ccfb1f5658c3df756c0266420d651659d076
sha256: bb23acd345731522d9a4f8c2162c8a4c8c9a66f88523c8c1286daa1727f31359
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1002/$Recycle.Bin .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: d1205bc62d4727b3a885b9729386109c
name: Documents and Settings .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\Documents and Settings .exe
processid: 2336
processname: ktcss.exe
sha1: b43b1cd24676f49ce8a15fdf82a66b7a0477b2d8
sha256: 1774ddb80d633d594ac501ffe0fba4fcbf7945d6c42612171832ec260206849e
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1003/Documents and Settings .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 35e86beb28038334c27fc581fd670bda
name: DZzyhya .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\DZzyhya .exe
processid: 2336
processname: ktcss.exe
sha1: 5bdc48019e94636652bba71d0445cfb48bbc7c1c
sha256: 6c27861c6a932c1e41a014c4010a1017c1c90d666d5285e4138f6ffa6b917459
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1004/DZzyhya .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: fb03bc3c56d11a9b700cd2f89e52dd91
name: HYgIoDxRom .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\HYgIoDxRom .exe
processid: 2336
processname: ktcss.exe
sha1: 693ef284030a270dd1f4bb582afdeea765e7d08d
sha256: 6827963196cc0f7a327f1398c01300b08f5b2d684696d1d3eeab85b324127cc2
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1005/HYgIoDxRom .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: ba8e27fc1d56bd2e8a72a67f159d0d7c
name: mnlsx .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\mnlsx .exe
processid: 2336
processname: ktcss.exe
sha1: eab1eeb1b06183989da75719fe38a54a7a30e657
sha256: 6a74d5a8d8a1ba07776947481cd1262e80c31574a5d91f00e3f47d0defa0d852
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1006/mnlsx .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 3e863a57d3ba00fabeeec8f478283c25
name: MNVCDTRLBU .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\MNVCDTRLBU .exe
processid: 2336
processname: ktcss.exe
sha1: 332a2b889328a38e93fa31f03244abcb1fabb745
sha256: 075fb038abc5ea108fc614342b40382bc2841e6e7839de7d51d082546d781427
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1007/MNVCDTRLBU .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 41b04cf1a92c09dca7472bb051a04aba
name: MSOCache .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\MSOCache .exe
processid: 2336
processname: ktcss.exe
sha1: dee239b63c7d534052cac5cbf8795819314ad13b
sha256: fc8b3708d31383e5cd5f80da3d48621c0e2ac93387d19bac3f3489bd911a5b7b
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1008/MSOCache .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 8d1a1cbb87551216a2343abf40852386
name: pagefile.sys .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\pagefile.sys .exe
processid: 2336
processname: ktcss.exe
sha1: 07f335c1755d4ba62cc3a4c4b9c339b32181ab96
sha256: 4550a8c9954e1e1b1561be9a9b777a732a62c76d6b141500a6980775c89aa63c
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1009/pagefile.sys .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 54b52b53dfb781a88698e75ce0fa5c87
name: PerfLogs .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\PerfLogs .exe
processid: 2336
processname: ktcss.exe
sha1: fc210739fc5c092ddfdcb6fef74ce72d198f1dba
sha256: 47d604cabcc9b2a2350129da63bb390d0055516d1bf51f51fc14a2a688fbd5ef
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1010/PerfLogs .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 7e281c0d61597304d9d731cf5c17946d
name: Program Files .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\Program Files .exe
processid: 2336
processname: ktcss.exe
sha1: 5a2cb1eab4522afdbd3c50d3f8b6d35228423d4b
sha256: 5da42d84a4e29790768daa1cbbd5bc7703866962894bc39f71da887ee4e86f5a
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1011/Program Files .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 15968827ea16aa7b5a37267930cd182e
name: Program Files (x86) .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\Program Files (x86) .exe
processid: 2336
processname: ktcss.exe
sha1: 7f739582d1fa2a2854604c583fb45ded00155067
sha256: 74b582e5a964f74c766047dce556d5e78fcf74598e166775ee7ded28569989a2
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1012/Program Files (x86) .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 9d9e2d9de039682dbaeea30c3574166a
name: ProgramData .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\ProgramData .exe
processid: 2336
processname: ktcss.exe
sha1: 3deb32c9b91f87253ffda91cdbdbe0d3fe77ad5d
sha256: e18e1176d8325d163686e4375ddba27cdda2c5b7c0b0ea74af3861697d6f8889
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1013/ProgramData .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: dc60e940e9ebf42e408f517f92abb8f5
name: Python27 .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\Python27 .exe
processid: 2336
processname: ktcss.exe
sha1: 1ddef069f84aa71b7c196a76e1d4ac98fff8a8c6
sha256: e25a76537a59f52e7d6119fe7ee10fa96a7ad52c62bf3f3cd975cafb6d7d301d
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1014/Python27 .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: dfde580d18646d586c88ed596cc7fdd5
name: Recovery .exe
new_size: 405KB (415475bytes)
operation: Modify file
path: C:\Recovery .exe
processid: 2336
processname: ktcss.exe
sha1: 93eeeb83947262ab93ec14f3432fbaa1731810f1
sha256: 3efac1cd845758c1a847ba396fc67da3cc813525bec6435a9d1b2f9942c8af49
size: 415475
this_path: /data/cuckoo/storage/analyses/448/files/1015/Recovery .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: eeeb89c604342599abbed26b44a95bf3
name: System Volume Information .exe
new_size: 388KB (398069bytes)
operation: Modify file
path: C:\System Volume Information .exe
processid: 2336
processname: ktcss.exe
sha1: e9300cf0be7c0a224a350c0b39b325670f887d79
sha256: 77db0bb8f2062a50004ada431732ffc2661e7cad32264a2c3ff047733d8e8bb8
size: 398069
this_path: /data/cuckoo/storage/analyses/448/files/1016/System Volume Information .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

 Dropped Unsafe

analysis_result: Trojan.Win32.Agent.nezvfi
create: 0
how: write
md5: f0d16a10c2901fc776586e938c6c024f
name: ktcss.exe
new_size: 255KB (261652bytes)
operation: Modify file
path: C:\ProgramData\ktcss.exe
processid: 244
processname: 1620561633286_e75f56b7dd69a9e4fd7fffdb071332da.exe
sha1: 5e18e00818bd975388de9344868f6a1af269d1cb
sha256: 270c4c7784918fbc08a87aa1cab8c126309e54664412ce8b93471c399f67782c
size: 261652
this_path: /data/cuckoo/storage/analyses/448/files/1000/ktcss.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

 Malicious

attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware changes memory page protection in order to decrypt and execute malicious code in memory
num: 3
process_id: 244
process_name: 1620561633286_e75f56b7dd69a9e4fd7fffdb071332da.exe
rulename: Set memory region to readable, writable and executable
attck_tactics: Basic information gathering
level: 1
matchedinfo: Locates specified target files by enumerating the file system
num: 30
process_id: 244
process_name: 1620561633286_e75f56b7dd69a9e4fd7fffdb071332da.exe
rulename: File enumeration
attck_tactics: Defense evasion
level: 2
matchedinfo: Modifies the "show hidden files" setting in order to hide files
num: 180
process_id: 244
process_name: 1620561633286_e75f56b7dd69a9e4fd7fffdb071332da.exe
rulename: Query hidden-file display setting
attck_tactics: Persistence
level: 2
matchedinfo: The malware modifies the registry so that it starts automatically with the system, in order to maintain long-term control of or residence on the system
num: 8
process_id: 2336
process_name: ktcss.exe
rulename: Writes to the autostart registry key, adding autostart entry 2
attck_tactics: Basic information gathering
level: 1
matchedinfo: Locates specified target files by enumerating the file system
num: 18
process_id: 2336
process_name: ktcss.exe
rulename: File enumeration