VirSCAN

1, You can UPLOAD any file, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.

Basic Information

file name: 00网游之天谴修罗
file size: 420635
file type: application/x-dosexec
MD5: e8582ddab30d5330e6f653cbb191900a
sha1: 66bd8174c6f5b71ac30226fa9e04e3fcdb9d23fe

 CreateProcess

ApplicationName: C:\ProgramData\puxfa.exe
CmdLine:
childid: 2104
childname: puxfa.exe
childpath: C:\ProgramData\puxfa.exe
drop_type: 1
name: 1620583220658_e8582ddab30d5330e6f653cbb191900a.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620583220658_e8582ddab30d5330e6f653cbb191900a.exe
pid: 2204
ApplicationName:
CmdLine:
childid: 2204
childname: 1620583220658_e8582ddab30d5330e6f653cbb191900a.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620583220658_e8582ddab30d5330e6f653cbb191900a.exe
drop_type:
name:
noNeedLine:
path:
pid: 1296

 Summary

buffer: C:\ProgramData\puxfa.exe
processid: 2104
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft® Windows® Operating System
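
Worked example (added here; it is not VirSCAN's code and not part of the report): a triage check for a Run-key entry like the one recorded above, where a value name imitating a Microsoft product string points at an executable under C:\ProgramData. TRUSTED_ROOTS, WRITABLE_ROOTS and the vendor-name pattern are this example's own heuristics, not VirSCAN rules; the winreg enumeration only does anything on Windows.

```python
"""Triage of a Run-key autorun entry such as the one in the Summary above.

Added example, not VirSCAN's code. TRUSTED_ROOTS, WRITABLE_ROOTS and the
vendor-name pattern are this example's own heuristics (assumptions).
"""
import re
from dataclasses import dataclass

# Where an entry claiming to be Microsoft/Windows software would normally live
# (assumption: default Windows layout as seen in this sandbox).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# User-writable locations that malware favours for its payload.
WRITABLE_ROOTS = ("c:\\programdata\\", "c:\\users\\", "c:\\$recycle.bin\\")

VENDOR_LIKE = re.compile(r"microsoft|windows|defender|update", re.IGNORECASE)


@dataclass
class RunEntry:
    subkey: str     # e.g. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    valuename: str  # the name shown to the user in autorun tooling
    data: str       # the image path / command line that will be started


def assess_run_entry(entry):
    """Return a list of indicator strings; an empty list means nothing stood out."""
    findings = []
    # Strip surrounding quotes; the report stores the bare image path.
    image = entry.data.strip().strip('"').lower()
    if VENDOR_LIKE.search(entry.valuename) and not image.startswith(TRUSTED_ROOTS):
        findings.append("vendor-like value name %r but image outside Windows/Program Files: %s"
                        % (entry.valuename, entry.data))
    if image.startswith(WRITABLE_ROOTS):
        findings.append("image in a user-writable location: %s" % entry.data)
    if any(ord(ch) > 127 for ch in entry.valuename):
        findings.append("non-ASCII characters in value name (e.g. \u00ae), easy to overlook in listings")
    if entry.subkey.upper().startswith("HKEY_CURRENT_USER"):
        findings.append("per-user Run key: set without administrator rights, survives reboot for this user")
    return findings


def enumerate_hkcu_run():
    """Read the live HKCU Run key on Windows; returns [] on other platforms."""
    try:
        import winreg
    except ImportError:
        return []
    subkey = r"Software\Microsoft\Windows\CurrentVersion\Run"
    entries = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:          # ERROR_NO_MORE_ITEMS
                break
            entries.append(RunEntry("HKEY_CURRENT_USER\\" + subkey, name, str(data)))
            index += 1
    return entries


# The entry recorded by the sandbox (values copied from the Summary above).
SANDBOX_ENTRY = RunEntry(
    subkey=r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    valuename="Microsoft\u00ae Windows\u00ae Operating System",
    data=r"C:\ProgramData\puxfa.exe",
)

if __name__ == "__main__":
    for entry in [SANDBOX_ENTRY] + enumerate_hkcu_run():
        for finding in assess_run_entry(entry):
            print(entry.valuename, "->", finding)
```

On the sandbox entry all four heuristics fire; a genuine Microsoft autorun under C:\Windows in HKLM produces no findings. The check is deliberately name-and-path based so it can be run against an exported registry hive or an autoruns CSV as well as the live key.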

 Dropped (Safe)

analysis_result: Safe
create: 0
how: write
md5: a52d6cb53c4c31e9f5ad53a356adf9dd
name: Mira.h
new_size: 150KB (153811bytes)
operation: Modify file
path: C:\ProgramData\Saaaalamm\Mira.h
processid: 2204
processname: 1620583220658_e8582ddab30d5330e6f653cbb191900a.exe
sha1: 4e9b2d208dc3c3a6e23decb0a7d7381c73f7b101
sha256: f6bc441488529eadccfef115d11fa10c5cb8cb125b6c08c52a2bbc144bd4f7d8
size: 153811
this_path: /data/cuckoo/storage/analyses/6000478/files/1001/Mira.h
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: cefc19272959a553db3b129bf4c4bbd1
name: $Recycle.Bin .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\$Recycle.Bin .exe
processid: 2104
processname: puxfa.exe
sha1: 81e92b5d8430c551d9115ff2d86bc35b717a9605
sha256: 756feb8ffd6fa357302f0a8ea17e1ce311245365a6fa22ea6872101a1df33a80
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1002/$Recycle.Bin .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: c1dca22a2c83f8106d42149402c54b0a
name: BMXduN .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\BMXduN .exe
processid: 2104
processname: puxfa.exe
sha1: e05dd9898292a91fb93e25d5613e9708de5b281c
sha256: d52d85aa6a2d93f5984615a4811b268c6c5ba51a877034a92ce840395f65611d
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1003/BMXduN .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 63909abd42db2996a0a79f8c30b5afe9
name: ChQqZI .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\ChQqZI .exe
processid: 2104
processname: puxfa.exe
sha1: 2d1c4dac32a9d86d67c90ce63815eda12fe7eb2d
sha256: 960d6c29f7c2ac26b519fb9b3e7c308e0a98addc8be21fadc66c86bd62478709
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1004/ChQqZI .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: aadecfbbe5d774bf8591b43dacc51f96
name: Documents and Settings .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\Documents and Settings .exe
processid: 2104
processname: puxfa.exe
sha1: 4adc194c98048cacb5f904bee5ad7f03d59136d9
sha256: b7c6ded704db17de9e0ee40dc762172ffff06f34bc2952035b00d2dab7168602
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1005/Documents and Settings .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: b892a5b40bde158c5f94d3f6711dde8e
name: mnlsx .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\mnlsx .exe
processid: 2104
processname: puxfa.exe
sha1: c7306f9b17c6bfb316769aec4451add6e01a6515
sha256: afa54939d2507d1c1573f784ba8b3c8c77d97ea859e5010e5ac0e70f01cf0d87
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1006/mnlsx .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 6f22b49ad06ac34ad3bef72cc4af5c6c
name: MSOCache .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\MSOCache .exe
processid: 2104
processname: puxfa.exe
sha1: e69b3c41169ac0c246d1475b2e06e10e278695b7
sha256: 371254a6039f8e1048f5701d35c00665a8c916054f3b8d4a6b7d1c0cac6f269c
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1007/MSOCache .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 9f64011a6a1d4bac1b1e02d55be121d3
name: OXWCJDLNXS .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\OXWCJDLNXS .exe
processid: 2104
processname: puxfa.exe
sha1: 29fab757e70755002ca1d61eb96f0774df8f1eda
sha256: cdbbbae34190271856dee8b417de05b3e61a49fb0ced2999b51a28c170a0ee0a
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1008/OXWCJDLNXS .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 1cc27b9174a5ab2fe3cbf9644b811ff5
name: pagefile.sys .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\pagefile.sys .exe
processid: 2104
processname: puxfa.exe
sha1: 830463ac4c88b8e7e5e91e134076059b7865596a
sha256: db60b631f773e32f93ae3c46cec96d1483c76a05493915bdacb913d94a939de5
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1009/pagefile.sys .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: bba110d406ed8ecbf71f1c40b519f154
name: PerfLogs .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\PerfLogs .exe
processid: 2104
processname: puxfa.exe
sha1: 36708c244b47446e33fc381f19eaa556c28a5890
sha256: 7baede1b87b2a15d7a5a7fa76ab1acedb1bacd79038705696ef50b493ab7c727
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1010/PerfLogs .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: fc15a501d24c7bb5ab8c62b2e1b7b432
name: Program Files .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\Program Files .exe
processid: 2104
processname: puxfa.exe
sha1: cbd8471d16223cbd60f02d6831da156da96445f9
sha256: 77673c5144d4ea31bfa50c3007856867b7dbf1a65be2add5f31c623f78c4b17f
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1011/Program Files .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 22bab8ade19238ab7f9a4ff5275be697
name: Program Files (x86) .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\Program Files (x86) .exe
processid: 2104
processname: puxfa.exe
sha1: f478e0bcc7dedcd29cfc54745a418d85f6550693
sha256: b784d54221240356595392555c5aedc37a9bd98996665c51d5ab195f2f06d80b
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1012/Program Files (x86) .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: e52e966a96703320d12f038f6b99a3de
name: ProgramData .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\ProgramData .exe
processid: 2104
processname: puxfa.exe
sha1: 33143ba3e70cf82514dde897e63ab86d71e2462a
sha256: 6e8d1c8c879dd8c30d3483f57f57d1e95cb5912b7526a72a6c30463d6ab123d3
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1013/ProgramData .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 9235a86dc1b7351d1a8d9547fb63597f
name: Python27 .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\Python27 .exe
processid: 2104
processname: puxfa.exe
sha1: 9ae77f35d884a87719c1f970a64f68151cf39cef
sha256: ace4b37362bcc9115687b589e428379aa5f2c74dc33f9540b33ea80eb90d9fe3
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1014/Python27 .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 79c76955aca9ac2719513ccc28418bef
name: quVvHWZOpm .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\quVvHWZOpm .exe
processid: 2104
processname: puxfa.exe
sha1: b0eb64390faf88cf75700b4f6e21d1bb895fe674
sha256: 32c4fa677c94b64b585713b196d1c0f115687ae17cf30645fc25cf5fea0b22c2
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1015/quVvHWZOpm .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: b111b806e6b9cff106e8dfc883f16990
name: Recovery .exe
new_size: 410KB (420637bytes)
operation: Modify file
path: C:\Recovery .exe
processid: 2104
processname: puxfa.exe
sha1: 6a179b6b748737dfffe8cdb2b0f7c90d94c9ed2e
sha256: c3d95e442c3298594bd59e74a6727211efd56205e9e53a4914170376572a3941
size: 420637
this_path: /data/cuckoo/storage/analyses/6000478/files/1016/Recovery .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 31c9a6bf625458bb3257794658c2d664
name: System Volume Information .exe
new_size: 307KB (314776bytes)
operation: Modify file
path: C:\System Volume Information .exe
processid: 2104
processname: puxfa.exe
sha1: 4aa87851b9bdaea0475dbc7a015fb8f2a50c22df
sha256: f1208c71f8feb6d416b238f93462f028a6fe10540a1b61b168bc94070c2de1d7
size: 314776
this_path: /data/cuckoo/storage/analyses/6000478/files/1017/System Volume Information .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

 Dropped (Unsafe)

analysis_result: Trojan.Win32.Agent.nezvfi
create: 0
how: write
md5: 791555e30778100f5bf433b077b7d658
name: puxfa.exe
new_size: 260KB (266814bytes)
operation: Modify file
path: C:\ProgramData\puxfa.exe
processid: 2204
processname: 1620583220658_e8582ddab30d5330e6f653cbb191900a.exe
sha1: 5b8ca6b636a738964b54bf3c23b338a83366e970
sha256: 21e3c263dcf7f61f24e2d625172cc5051138478dad018b5a65ab7deab8b78fed
size: 266814
this_path: /data/cuckoo/storage/analyses/6000478/files/1000/puxfa.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
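
Worked example (added here; not VirSCAN's code and not part of the report) covering the CreateProcess section and both Dropped lists above. It re-parses the report's own "key: value" record format and derives what the raw lists only imply: the process lineage (launcher 1296 -> the sample, pid 2204, run from the user's Temp directory -> puxfa.exe, pid 2104, run from C:\ProgramData), and that the files puxfa.exe wrote to the root of C: are named after the drive's own root entries with a space before ".exe" ("Program Files .exe", "pagefile.sys .exe", ...), share one size (420637 bytes, two bytes more than the submitted sample) yet each carry a different hash. The per-file verdict "Safe" on those copies is the engine's static view of each file and says nothing about why a process dropped them, which is the point worth checking. The excerpts are copied from the page and trimmed to the fields used; ROOT_NAMES is an assumption about a default Windows 7 system drive.

```python
"""Re-parses the CreateProcess and Dropped records above (added example, not VirSCAN's code).
Excerpts are copied from the page, trimmed to the fields used; ROOT_NAMES is an assumption."""
import re
from collections import Counter

PROCESS_EXCERPT = r"""
ApplicationName: C:\ProgramData\puxfa.exe
childid: 2104
childpath: C:\ProgramData\puxfa.exe
pid: 2204
ApplicationName:
childid: 2204
childpath: C:\Users\Administrator\AppData\Local\Temp\1620583220658_e8582ddab30d5330e6f653cbb191900a.exe
pid: 1296
"""

DROPPED_EXCERPT = r"""
analysis_result: Safe
md5: cefc19272959a553db3b129bf4c4bbd1
name: $Recycle.Bin .exe
processname: puxfa.exe
size: 420637
analysis_result: Safe
md5: 1cc27b9174a5ab2fe3cbf9644b811ff5
name: pagefile.sys .exe
processname: puxfa.exe
size: 420637
analysis_result: Safe
md5: fc15a501d24c7bb5ab8c62b2e1b7b432
name: Program Files .exe
processname: puxfa.exe
size: 420637
analysis_result: Safe
md5: 31c9a6bf625458bb3257794658c2d664
name: System Volume Information .exe
processname: puxfa.exe
size: 314776
analysis_result: Trojan.Win32.Agent.nezvfi
md5: 791555e30778100f5bf433b077b7d658
name: puxfa.exe
processname: 1620583220658_e8582ddab30d5330e6f653cbb191900a.exe
size: 266814
"""

# Entries normally found at the root of a Windows 7 system drive (assumption).
ROOT_NAMES = {"$recycle.bin", "documents and settings", "msocache", "pagefile.sys", "perflogs",
              "program files", "program files (x86)", "programdata", "recovery", "python27",
              "system volume information", "users", "windows"}

def parse_records(text, start_key):
    """Split 'key: value' lines into dicts; each occurrence of start_key opens a new record."""
    records, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == start_key:
            current = {}
            records.append(current)
        if sep and current is not None:
            current[key.strip()] = value.strip()
    return records

def process_chain(text):
    """Lineage from the outermost recorded parent to the last spawned child: [(pid, image), ...]."""
    parent_of = {int(r["childid"]): (int(r["pid"]), r["childpath"])
                 for r in parse_records(text, "ApplicationName")}
    parents = {p for p, _ in parent_of.values()}
    pid = next(c for c in parent_of if c not in parents)   # the leaf: a child that spawned nothing
    chain = []
    while pid in parent_of:
        parent, image = parent_of[pid]
        chain.append((pid, image))
        pid = parent
    chain.append((pid, "<not recorded>"))   # the sample's own parent; its image is not in the report
    return chain[::-1]

def lookalike_name(name):
    """'<root entry> .exe': the space before '.exe' makes the file read like the real folder."""
    m = re.fullmatch(r"(.+) \.exe", name, re.IGNORECASE)
    return bool(m) and m.group(1).lower() in ROOT_NAMES

def triage_dropped(text):
    recs = parse_records(text, "analysis_result")
    lookalikes = [r for r in recs if lookalike_name(r["name"])]
    # Same size but a different MD5 for every copy: the dropper mutates each one,
    # so a blocklist built from a single hash will not catch the rest.
    mutated = {}
    for size, n in Counter(r["size"] for r in lookalikes).items():
        if n > 1 and len({r["md5"] for r in lookalikes if r["size"] == size}) == n:
            mutated[int(size)] = n
    return {
        "lookalikes": [r["name"] for r in lookalikes],
        "mutated_copies": mutated,
        "dropper_counts": Counter(r["processname"] for r in lookalikes),
        # A per-file engine verdict of "Safe" says nothing about why the file is there.
        "flagged_by_engine": [r["name"] for r in recs if r["analysis_result"] != "Safe"],
    }

if __name__ == "__main__":
    print(" -> ".join("%d %s" % step for step in process_chain(PROCESS_EXCERPT)))
    print(triage_dropped(DROPPED_EXCERPT))
```

Pointed at the full Dropped (Safe) list the same logic returns sixteen look-alikes from puxfa.exe, fifteen of them 420637 bytes with fifteen distinct MD5s, so blocking on the submitted sample's hash (e8582ddab30d5330e6f653cbb191900a) alone would leave every copy in place; the file names, the drop location at the drive root and the C:\ProgramData\puxfa.exe parent are the durable indicators.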

 Malicious

attck_tactics: Other malicious behaviour
level: 1
matchedinfo: Malware changes memory page protection so that it can decrypt and execute malicious code in memory
num: 3
process_id: 2204
process_name: 1620583220658_e8582ddab30d5330e6f653cbb191900a.exe
rulename: Sets memory region to readable, writable and executable (RWX)
attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerates files to locate specific target files
num: 30
process_id: 2204
process_name: 1620583220658_e8582ddab30d5330e6f653cbb191900a.exe
rulename: File enumeration
attck_tactics: Defense evasion
level: 2
matchedinfo: Tampers with the show-hidden-files setting so that files stay hidden from the user
num: 180
process_id: 2204
process_name: 1620583220658_e8582ddab30d5330e6f653cbb191900a.exe
rulename: Query hidden-file display setting
attck_tactics: Persistence
level: 2
matchedinfo: Malware modifies the registry so that it starts with the system, for long-term control of or residence on the host
num: 8
process_id: 2104
process_name: puxfa.exe
rulename: Writes autorun registry key, adds autostart entry 2
attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerates files to locate specific target files
num: 18
process_id: 2104
process_name: puxfa.exe
rulename: File enumeration