VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Basic Information

file name: 00绿箭侠
file size: 256521
file type: application/x-dosexec
MD5: e687047380052f12115424d89931ea55
sha1: 7078766537adf19089a77b07433c31ea876e9729

 CreateProcess

ApplicationName:
CmdLine:
childid: 2928
childname: 1620583249404_e687047380052f12115424d89931ea55.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620583249404_e687047380052f12115424d89931ea55.exe
drop_type:
name:
noNeedLine:
path:
pid: 1052
ApplicationName:
CmdLine:
childid: 3024
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620583249404_e687047380052f12115424d89931ea55.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620583249404_e687047380052f12115424d89931ea55.exe
pid: 2928
ApplicationName:
CmdLine:
childid: 2620
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620583249404_e687047380052f12115424d89931ea55.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620583249404_e687047380052f12115424d89931ea55.exe
pid: 2928
ApplicationName:
CmdLine:
childid: 1660
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620583249404_e687047380052f12115424d89931ea55.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620583249404_e687047380052f12115424d89931ea55.exe
pid: 2928
ApplicationName:
CmdLine:
childid: 3048
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620583249404_e687047380052f12115424d89931ea55.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620583249404_e687047380052f12115424d89931ea55.exe
pid: 2928
ApplicationName:
CmdLine:
childid: 3060
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620583249404_e687047380052f12115424d89931ea55.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620583249404_e687047380052f12115424d89931ea55.exe
pid: 2928
ApplicationName:
CmdLine:
childid: 1968
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620583249404_e687047380052f12115424d89931ea55.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620583249404_e687047380052f12115424d89931ea55.exe
pid: 2928
ApplicationName:
CmdLine:
childid: 632
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620583249404_e687047380052f12115424d89931ea55.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620583249404_e687047380052f12115424d89931ea55.exe
pid: 2928
ApplicationName:
CmdLine:
childid: 688
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620583249404_e687047380052f12115424d89931ea55.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620583249404_e687047380052f12115424d89931ea55.exe
pid: 2928
ApplicationName:
CmdLine:
childid: 1448
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620583249404_e687047380052f12115424d89931ea55.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620583249404_e687047380052f12115424d89931ea55.exe
pid: 2928
ApplicationName:
CmdLine:
childid: 2740
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620583249404_e687047380052f12115424d89931ea55.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620583249404_e687047380052f12115424d89931ea55.exe
pid: 2928
ApplicationName:
CmdLine:
childid: 536
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620583249404_e687047380052f12115424d89931ea55.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620583249404_e687047380052f12115424d89931ea55.exe
pid: 2928
ApplicationName:
CmdLine:
childid: 2208
childname: nslookup.exe
childpath: C:\Windows\SysWOW64\nslookup.exe
drop_type:
name: 1620583249404_e687047380052f12115424d89931ea55.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620583249404_e687047380052f12115424d89931ea55.exe
pid: 2928

 Dropped Unsave

analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: a0b9658cd6cea71fabdc261a6178bea3
name: ehcovz.exe
new_size: 250KB (256521bytes)
operation: 修改文件
path: C:\Users\Administrator\AppData\Roaming\Microsoft\ehcovz.exe
processid: 2928
processname: 1620583249404_e687047380052f12115424d89931ea55.exe
sha1: a2cc1a83e70d14752f35cd626ad4e01ea89b252e
sha256: 4f74e8048f5911b8352ecd9341ff9d219e16a41ebcb28b8e121b1e532d814ef5
size: 256521
this_path: /data/cuckoo/storage/analyses/6000479/files/1000/ehcovz.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows

 Malicious

attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 3024
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 3024
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 3024
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 2620
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 2620
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 2620
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 1660
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 1660
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 1660
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 3048
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 3048
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 3048
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 3060
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 3060
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 3060
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 1968
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 1968
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 1968
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 632
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 632
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 632
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 688
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 688
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 688
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 1448
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 1448
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 1448
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 2740
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 2740
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 2740
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 536
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 536
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 536
process_name: nslookup.exe
rulename: 创建网络套接字连接
attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序通过获取用户网卡信息的方式,以达到获取敏感信息的目的
num: 245
process_id: 2208
process_name: nslookup.exe
rulename: 收集电脑网卡信息
attck_tactics: 命令与控制
level: 2
matchedinfo: 恶意程序可能连接非常规端口网络连接进行数据偷取操作
num: 291
process_id: 2208
process_name: nslookup.exe
rulename: 连接非常规端口
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意程序通过创建网络连接的方式,以达到通过网络连接进行通信的目的
num: 291
process_id: 2208
process_name: nslookup.exe
rulename: 创建网络套接字连接