VirSCAN

1, You can upload any file, but there is a 20 MB limit per file.
2, VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader and upload with it.

Basic Information

file name: 00沉香
file size: 1384270
file type: application/x-dosexec
MD5: 267fd885d9105734371e860533f07eb5
sha1: 6d54d7fae6cf08a936460cee93ac2d6a4add92e8

 CreateProcess

ApplicationName: C:\Users\Administrator\AppData\Local\Temp\AE4.tmp
CmdLine: "C:\Users\ADMINI~1\AppData\Local\Temp\AE4.tmp" --pingC:\Users\Administrator\AppData\Local\Temp\1619674247770_267fd885d9105734371e860533f07eb5.exe D328D5C6608EEAEEE6E67942C4F843BE07D2874EBE680B0BC436A3C8B56128A3AC84A8A14212852B0A65CB2515E7B1A02D7BBAB9A9E9EAC637FB0983C4DF6078
childid: 2992
childname: AE4.tmp
childpath: C:\Users\Administrator\AppData\Local\Temp\AE4.tmp
drop_type: 1
name: 1619674247770_267fd885d9105734371e860533f07eb5.exe
noNeedLine: 1
path: C:\Users\Administrator\AppData\Local\Temp\1619674247770_267fd885d9105734371e860533f07eb5.exe
pid: 2348
ApplicationName:
CmdLine:
childid: 2348
childname: 1619674247770_267fd885d9105734371e860533f07eb5.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1619674247770_267fd885d9105734371e860533f07eb5.exe
drop_type:
name:
noNeedLine:
path:
pid: 2984

 Dropped Unsafe

analysis_result: HEUR:Backdoor.Win32.Finfish.vho
create: 0
how: write
md5: 8bf4f1ce8093407b851d4d81cdc7b19a
name: AE4.tmp
new_size: 1351 KB (1384270 bytes)
operation: modify file
path: C:\Users\Administrator\AppData\Local\Temp\AE4.tmp
processid: 2348
processname: 1619674247770_267fd885d9105734371e860533f07eb5.exe
sha1: 91b62dd497b3236e3c130f2b31e8d68eb2f35f08
sha256: 76352b8428e5518bd510850ab76eb55455146603ecf68a1844556a57f7727eec
size: 1384270
this_path: /data/cuckoo/storage/analyses/7000396/files/1000/AE4.tmp
type: PE32 executable (GUI) Intel 80386, for MS Windows
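The CreateProcess and Dropped records above are what an analyst chains together by hand: the sample (pid 2348) writes AE4.tmp, a file of exactly its own size but with a different hash, into the user's Temp directory, then starts it with its own path on the command line. As an added example (not VirSCAN or Cuckoo code), the Python below parses records in the key: value layout the report uses, rebuilds the process tree and applies three heuristics of the editor's, not the scanner's. The sample records are constructed from the values on this page; pid 2984, which the report does not identify, is assumed to be the sandbox launcher.

```python
"""Rebuild the process chain and dropped-file relationships from "key: value"
sandbox records of the kind VirSCAN prints.

Added example, not VirSCAN or Cuckoo code. Field names (pid, childid,
childpath, CmdLine, processid, path, size, md5) are the report's; the
heuristics in analyse() are the editor's, not what the scanner applies.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the two CreateProcess records from the report.
# "pid" is the process that called CreateProcess, "childid" the process it
# created. The second record has no CmdLine; pid 2984 is assumed to be the
# sandbox launcher (the report does not identify it).
CREATEPROCESS_RECORDS = r"""
ApplicationName: C:\Users\Administrator\AppData\Local\Temp\AE4.tmp
CmdLine: "C:\Users\ADMINI~1\AppData\Local\Temp\AE4.tmp" --pingC:\Users\Administrator\AppData\Local\Temp\1619674247770_267fd885d9105734371e860533f07eb5.exe D328D5C6608EEAEEE6E67942C4F843BE07D2874EBE680B0BC436A3C8B56128A3AC84A8A14212852B0A65CB2515E7B1A02D7BBAB9A9E9EAC637FB0983C4DF6078
childid: 2992
childname: AE4.tmp
childpath: C:\Users\Administrator\AppData\Local\Temp\AE4.tmp
pid: 2348

ApplicationName:
CmdLine:
childid: 2348
childname: 1619674247770_267fd885d9105734371e860533f07eb5.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1619674247770_267fd885d9105734371e860533f07eb5.exe
pid: 2984
"""

# Constructed sample: the dropped-file record from the report.
DROPPED_RECORDS = r"""
how: write
md5: 8bf4f1ce8093407b851d4d81cdc7b19a
name: AE4.tmp
path: C:\Users\Administrator\AppData\Local\Temp\AE4.tmp
processid: 2348
processname: 1619674247770_267fd885d9105734371e860533f07eb5.exe
sha256: 76352b8428e5518bd510850ab76eb55455146603ecf68a1844556a57f7727eec
size: 1384270
"""

# From the report's Basic Information block.
SAMPLE_MD5 = "267fd885d9105734371e860533f07eb5"
SAMPLE_SIZE = 1384270


@dataclass
class Process:
    pid: int
    name: str
    path: str
    cmdline: str
    parent_pid: int


@dataclass
class Finding:
    kind: str
    pid: int
    detail: str


def parse_records(text: str) -> list[dict[str, str]]:
    """Split blank-line separated blocks into dicts. Splits on the first ':'
    only, so Windows paths in values survive; empty values are kept as ''."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records


def build_process_tree(records: list[dict[str, str]]) -> dict[int, Process]:
    """Index processes by the pid they were created with (childid)."""
    return {
        int(r["childid"]): Process(
            pid=int(r["childid"]),
            name=r["childname"],
            path=r["childpath"],
            cmdline=r.get("CmdLine", ""),
            parent_pid=int(r["pid"]),
        )
        for r in records
    }


def analyse(tree: dict[int, Process], drops: list[dict[str, str]],
            sample_md5: str, sample_size: int) -> list[Finding]:
    """Editor's heuristics over the process tree and the drop list."""
    findings = []
    for d in drops:
        writer = int(d["processid"])
        for p in tree.values():
            # 1. A process whose image is a file its own parent just wrote.
            if p.path.lower() == d["path"].lower() and p.parent_pid == writer:
                findings.append(Finding("dropped-then-executed", p.pid,
                    f"pid {writer} wrote {d['name']} and started it as pid {p.pid}"))
                # 2. The child is handed its parent's image path as an argument:
                #    worth checking what it then does with the original file.
                parent = tree.get(writer)
                if parent and parent.path.lower() in p.cmdline.lower():
                    findings.append(Finding("parent-path-on-cmdline", p.pid,
                        f"pid {p.pid} receives {parent.name} on its command line"))
        # 3. Same size as the submitted sample but a different hash: a rewritten
        #    copy of itself rather than a byte-identical one.
        if int(d["size"]) == sample_size and d["md5"].lower() != sample_md5.lower():
            findings.append(Finding("same-size-different-hash", writer,
                f"{d['name']} is {d['size']} bytes like the sample but md5 {d['md5']} differs"))
    return findings


if __name__ == "__main__":
    tree = build_process_tree(parse_records(CREATEPROCESS_RECORDS))
    for f in analyse(tree, parse_records(DROPPED_RECORDS), SAMPLE_MD5, SAMPLE_SIZE):
        print(f"[{f.kind}] {f.detail}")
```

The drop list is matched against the tree by path and by the writing process's pid, so a file written by one process and executed by an unrelated one is not flagged by the first heuristic; widen the parent check if the sandbox you use reports injected or detached launches.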

 Malicious

attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program calls key APIs to obtain the system user name, in order to collect user information.
num: 87
process_id: 2348
process_name: 1619674247770_267fd885d9105734371e860533f07eb5.exe
rulename: Get current user name

attck_tactics: Persistence
level: 1
matchedinfo: The malicious program opens the Service Control Manager in order to control services.
num: 96
process_id: 2348
process_name: 1619674247770_267fd885d9105734371e860533f07eb5.exe
rulename: Open Service Control Manager

attck_tactics: Other malicious behaviour
level: 1
matchedinfo: Generally used for file encryption or encrypted data transfer; may also be used by ransomware.
num: 110
process_id: 2348
process_name: 1619674247770_267fd885d9105734371e860533f07eb5.exe
rulename: Call cryptographic algorithm library

attck_tactics: Defense evasion
level: 2
matchedinfo: Invokes a program with special parameters in order to confuse and deceive the user.
num: 124
process_id: 2348
process_name: 1619674247770_267fd885d9105734371e860533f07eb5.exe
rulename: Create suspicious process

attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program calls key APIs to obtain the system user name, in order to collect user information.
num: 87
process_id: 2992
process_name: AE4.tmp
rulename: Get current user name