VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Basic Information

file name: 00甄嬛传
file size: 155982
file type: application/x-dosexec
MD5: db2d74adf8290adba31b5a24fb2bfe6c
sha1: cbf6a3f010529c1d8da884adac3aedc78a5a3457

 CreateProcess

ApplicationName:
CmdLine: "C:\Users\Administrator\AppData\Roaming\gliD312.tmp.bat" "C:\Users\Administrator\AppData\Local\Temp\1621251024806_db2d74adf8290adba31b5a24fb2bfe6c.exe"
childid: 240
childname: cmd.exe
childpath: C:\Windows\SysWOW64\cmd.exe
drop_type:
name: 1621251024806_db2d74adf8290adba31b5a24fb2bfe6c.exe
noNeedLine: 1
path: C:\Users\Administrator\AppData\Local\Temp\1621251024806_db2d74adf8290adba31b5a24fb2bfe6c.exe
pid: 536
ApplicationName: C:\Windows\System32\attrib.exe
CmdLine: attrib -r -s -h "C:\Users\Administrator\AppData\Local\Temp\1621251024806_db2d74adf8290adba31b5a24fb2bfe6c.exe"
childid: 2792
childname: attrib.exe
childpath: C:\Windows\SysWOW64\attrib.exe
drop_type:
name: cmd.exe
noNeedLine:
path: C:\Windows\SysWOW64\cmd.exe
pid: 240
ApplicationName:
CmdLine:
childid: 536
childname: 1621251024806_db2d74adf8290adba31b5a24fb2bfe6c.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1621251024806_db2d74adf8290adba31b5a24fb2bfe6c.exe
drop_type:
name:
noNeedLine:
path:
pid: 2880

 Dropped_Save

analysis_result: 安全
create: 0
how: del
md5: aee70f50516e7949dfc19f8d10cdfae8
name: gliD312.tmp.bat
new_size: 54bytes
operation: 释放后删除文件
path: C:\Users\Administrator\AppData\Roaming\gliD312.tmp.bat
processid: 240
processname: cmd.exe
sha1: 156c66bcb183f2ca0033de054a67a8bf057d7c94
sha256: 9c013310323a49036853b98b7114070cb4c94f446f531f92ed966ec2bd95ab25
size: 54
this_path: /data/cuckoo/storage/analyses/4000899/files/7339162098/gliD312.tmp.bat
type: ASCII text, with CRLF line terminators
analysis_result: 安全
create: 0
how: write
md5: b9fd0f596b12edd89fdf564731399204
name: 2d17e659d34601689591
new_size: 29bytes
operation: 修改文件
path: C:\Users\Administrator\AppData\Local\Temp\2d17e659d34601689591
processid: 536
processname: 1621251024806_db2d74adf8290adba31b5a24fb2bfe6c.exe
sha1: 9aa42968fe931be66b8759618f597b042943099a
sha256: 2720c9098b318c4f51eb422dc5b3049a4a42f4872b520672d456ff87a77d6244
size: 29
this_path: /data/cuckoo/storage/analyses/4000899/files/1001/2d17e659d34601689591
type: ASCII text, with no line terminators

 Dropped Unsave

analysis_result: Trojan-Banker.Win32.Shifu.eph
create: 0
how: write
md5: d18c3b45467dc98015c85e8b2183e73d
name: d0880bfhhd.exe
new_size: 152KB (155982bytes)
operation: 修改文件
path: C:\ProgramData\d0880bfhhd.exe
processid: 536
processname: 1621251024806_db2d74adf8290adba31b5a24fb2bfe6c.exe
sha1: 304857db3c75ee9e3aa038e0caa0d4379ce6b3ee
sha256: 18cca9bfd293194f1e72287443eda1001c6c6c5df6bf62e2c5130b91cd5e6b8a
size: 155982
this_path: /data/cuckoo/storage/analyses/4000899/files/1000/d0880bfhhd.exe
type: MS-DOS executable, MZ for MS-DOS

 Malicious

attck_tactics: 基础信息获取
level: 1
matchedinfo: 恶意程序会通过收集电脑配置信息来进行信息的统计
num: 16
process_id: 536
process_name: 1621251024806_db2d74adf8290adba31b5a24fb2bfe6c.exe
rulename: 系统配置信息收集
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 一般被用于文件的加密、数据的加密传输或可能被用于勒索者病毒中
num: 126
process_id: 536
process_name: 1621251024806_db2d74adf8290adba31b5a24fb2bfe6c.exe
rulename: 调用加密算法库
attck_tactics: 防御逃逸
level: 3
matchedinfo: 恶意程序通过使用批处理删除正常文件或恶意文件自身或恶意文件释放的文件,以达到破坏正常文件或隐藏恶意文件的目的
num: 164
process_id: 536
process_name: 1621251024806_db2d74adf8290adba31b5a24fb2bfe6c.exe
rulename: 删除文件(使用批处理方式)
attck_tactics: 防御逃逸
level: 2
matchedinfo: 通过修改查看隐藏文件设置,达到隐藏文件的目的
num: 320
process_id: 536
process_name: 1621251024806_db2d74adf8290adba31b5a24fb2bfe6c.exe
rulename: 获取隐藏文件设置
attck_tactics: 执行
level: 2
matchedinfo: 恶意程序通过打开线程,以达到操作其它线程的目的
num: 2
process_id: 240
process_name: cmd.exe
rulename: 打开其他线程
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 27
process_id: 240
process_name: cmd.exe
rulename: 遍历文件
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 2
process_id: 2792
process_name: attrib.exe
rulename: 遍历文件