VirSCAN

1, You can UPLOAD any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.
Basic Information

file name: FormatTool.exe
file size: 482047
file type: application/x-dosexec
MD5: d8ff345cc0351e66fcc2e2fa185a956d
sha1: f4fbfa9d55a80f4b84a39aab9601da1d25657de9

CreateProcess

ApplicationName:
CmdLine:
childid: 2776
childname: 1618660814117_d8ff345cc0351e66fcc2e2fa185a956d.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618660814117_d8ff345cc0351e66fcc2e2fa185a956d.exe
drop_type:
name:
noNeedLine:
path:
pid: 2756

Dropped_Save

analysis_result: safe
create: 0
how: del
md5: 2ea9ea351d25d489d48674b33e975144
name: aut419.tmp
new_size: 3972 bytes
operation: file deleted after being dropped
path: C:\Users\Administrator\AppData\Local\Temp\aut419.tmp
processid: 2776
processname: 1618660814117_d8ff345cc0351e66fcc2e2fa185a956d.exe
sha1: 85f78952c8b84ad5eaff2d591e681a09f6a43c88
sha256: ccafb7ebade1814a3fc79d466f561ca092dff6edb88934299ff2da78ca58091f
size: 3972
this_path: /data/cuckoo/storage/analyses/6000022/files/2704610660/aut419.tmp
type: data
analysis_result: safe
create: 0
how: del
md5: e9d19cc99f5440680a99cf3e642355be
name: Fbg.tmp
new_size: 139KB (143334 bytes)
operation: file deleted after being dropped
path: C:\Users\Administrator\AppData\Local\Temp\Fbg.tmp
processid: 2776
processname: 1618660814117_d8ff345cc0351e66fcc2e2fa185a956d.exe
sha1: a493894b09b83b88fb33986b61f4b42b266de08f
sha256: 94cea2fe1712b1aa916a0b734b5d79fd226e69f87f03ae3326b839b249c978d2
size: 143334
this_path: /data/cuckoo/storage/analyses/6000022/files/8050484296/Fbg.tmp
type: PC bitmap, Windows 3.x format, 265 x 180 x 24

Malicious

attck_tactics: Basic information gathering
level: 1
matchedinfo: Malware collects computer configuration information to profile the system.
num: 7
process_id: 2776
process_name: 1618660814117_d8ff345cc0351e66fcc2e2fa185a956d.exe
rulename: System configuration information collection
attck_tactics: Basic information gathering
level: 1
matchedinfo: Malware obtains the user's disk information in order to gather sensitive information.
num: 77
process_id: 2776
process_name: 1618660814117_d8ff345cc0351e66fcc2e2fa185a956d.exe
rulename: Collect disk information
attck_tactics: Defense evasion
level: 2
matchedinfo: Modifies the "show hidden files" setting in order to hide files.
num: 882
process_id: 2776
process_name: 1618660814117_d8ff345cc0351e66fcc2e2fa185a956d.exe
rulename: Query hidden-file setting
attck_tactics: Persistence
level: 1
matchedinfo: Malware opens the Service Control Manager in order to control services.
num: 1268
process_id: 2776
process_name: 1618660814117_d8ff345cc0351e66fcc2e2fa185a956d.exe
rulename: Open Service Control Manager
attck_tactics: Defense evasion
level: 2
matchedinfo: Checks whether the mouse moves while the program is running; commonly used by malware for sandbox evasion.
num: 1475
process_id: 2776
process_name: 1618660814117_d8ff345cc0351e66fcc2e2fa185a956d.exe
rulename: Get current mouse position
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating the file system.
num: 1500
process_id: 2776
process_name: 1618660814117_d8ff345cc0351e66fcc2e2fa185a956d.exe
rulename: Enumerate files
attck_tactics: Other malicious behavior
level: 1
matchedinfo: Commonly used for file encryption or encrypted data transfer; may also be used by ransomware.
num: 1561
process_id: 2776
process_name: 1618660814117_d8ff345cc0351e66fcc2e2fa185a956d.exe
rulename: Call cryptographic algorithm library