VirSCAN

1, You can UPLOAD any file, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.


Basic Information

file name: 00遥远的救世主
file size: 559960
file type: application/x-dosexec
MD5: 72315f1aee38f9519e1aba0372ffa99b
sha1: d247dd66601624fb33049fd329d1d47ad5cba973

CreateProcess

ApplicationName:
CmdLine:
childid: 2952
childname: 1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
drop_type:
name:
noNeedLine:
path:
pid: 2792

Summary

buffer: 0
processid: 2952
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618605018736_72315f1aee38f9519e1aba0372ffa99b_RASAPI32
type: REG_DWORD
valuename: EnableFileTracing
buffer: 0
processid: 2952
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618605018736_72315f1aee38f9519e1aba0372ffa99b_RASAPI32
type: REG_DWORD
valuename: EnableConsoleTracing
buffer: 4294901760
processid: 2952
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618605018736_72315f1aee38f9519e1aba0372ffa99b_RASAPI32
type: REG_DWORD
valuename: FileTracingMask
buffer: 4294901760
processid: 2952
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618605018736_72315f1aee38f9519e1aba0372ffa99b_RASAPI32
type: REG_DWORD
valuename: ConsoleTracingMask
buffer: 1048576
processid: 2952
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618605018736_72315f1aee38f9519e1aba0372ffa99b_RASAPI32
type: REG_DWORD
valuename: MaxFileSize
buffer: %windir%\tracing\x00
processid: 2952
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618605018736_72315f1aee38f9519e1aba0372ffa99b_RASAPI32
type: REG_EXPAND_SZ
valuename: FileDirectory
buffer: 0
processid: 2952
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618605018736_72315f1aee38f9519e1aba0372ffa99b_RASMANCS
type: REG_DWORD
valuename: EnableFileTracing
buffer: 0
processid: 2952
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618605018736_72315f1aee38f9519e1aba0372ffa99b_RASMANCS
type: REG_DWORD
valuename: EnableConsoleTracing
buffer: 4294901760
processid: 2952
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618605018736_72315f1aee38f9519e1aba0372ffa99b_RASMANCS
type: REG_DWORD
valuename: FileTracingMask
buffer: 4294901760
processid: 2952
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618605018736_72315f1aee38f9519e1aba0372ffa99b_RASMANCS
type: REG_DWORD
valuename: ConsoleTracingMask
buffer: 1048576
processid: 2952
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618605018736_72315f1aee38f9519e1aba0372ffa99b_RASMANCS
type: REG_DWORD
valuename: MaxFileSize
buffer: %windir%\tracing\x00
processid: 2952
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618605018736_72315f1aee38f9519e1aba0372ffa99b_RASMANCS
type: REG_EXPAND_SZ
valuename: FileDirectory

Behavior_analysis

message: Attempts to evade sandbox detection by sleeping for a long time
name: Long sleep
szSubkey:
score: 2

Dropped_Save

analysis_result: Safe
create: 0
how: write
md5: d99b79ae9d7124f9a45fb35d6ddc3493
name: DLGDFDD.tmp
new_size: 25KB (25728bytes)
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLGDFDD.tmp
processid: 2952
processname: 1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
sha1: 5cf8a701dcd0503d7a1a3d736bb70e9b1d5e0d9e
sha256: 6670fb9e498e961ce702ad7142cdf5529d646a2db9cfaa59a0f21557aceac481
size: 25728
this_path: /data/cuckoo/storage/analyses/5000014/files/1000/DLGDFDD.tmp
type: data
analysis_result: Safe
create: 0
how: write
md5: 69e4fb88f38472e651f3b4169879c47f
name: DLG-Product-Logo.png
new_size: 2599bytes
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\dlgres\DLG-Product-Logo.png
processid: 2952
processname: 1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
sha1: b5ac25ecf94344196f5cc3f8b0dd4b863fb73182
sha256: bd284633e72034f963ae0db7bbf7714cd735dcb51d905969f1d8b03b73952033
size: 2599
this_path: /data/cuckoo/storage/analyses/5000014/files/1001/DLG-Product-Logo.png
type: PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
analysis_result: Safe
create: 0
how: write
md5: bf4625507c1d35caabdb3e9d9ba584a0
name: style.css
new_size: 1519bytes
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\initWindow\css\style.css
processid: 2952
processname: 1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
sha1: a66e8e8db0043d182a45ce9546592ee0e1304781
sha256: 491accafcf5a3997fd2b8b6d3a91153773db8ca0df10b248a19ee51516c403a8
size: 1519
this_path: /data/cuckoo/storage/analyses/5000014/files/1002/style.css
type: assembler source, ASCII text, with CRLF line terminators
analysis_result: Safe
create: 0
how: write
md5: a0ee32dc4ffc79fdef2dc0467da538c5
name: noconnection.html
new_size: 2619bytes
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\initWindow\noconnection.html
processid: 2952
processname: 1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
sha1: 15d78592ac2c313a52d3c22783aae9bb4c787182
sha256: b4508b7dcc08b2b93cd64bee68bd5174fe48f48280e59f9a81d4861c3ef0431d
size: 2619
this_path: /data/cuckoo/storage/analyses/5000014/files/1003/noconnection.html
type: HTML document, UTF-8 Unicode text, with CRLF line terminators
analysis_result: Safe
create: 0
how: write
md5: 2c68017c4ea6ee541e285aaae8840ba9
name: progress.html
new_size: 1080bytes
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\initWindow\progress.html
processid: 2952
processname: 1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
sha1: f1255d0203df8e23af4a568c2de5e6762dd49d96
sha256: 6c926310dc1495ef47e07efd9b695f34c7d4f755fa011cd73455b5e4ed93898b
size: 1080
this_path: /data/cuckoo/storage/analyses/5000014/files/1004/progress.html
type: HTML document, ASCII text, with CRLF line terminators
analysis_result: Safe
create: 0
how: write
md5: 002ab0273d3f8f0575a09dc4392b1905
name: loadingImage.bmp
new_size: 1782KB (1825254bytes)
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\loadingImage\loadingImage.bmp
processid: 2952
processname: 1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
sha1: b96c8394bf6ae5fb3abe8b4c2a6d0fe3c3d31303
sha256: 57f3c81751562f8327a62e3381b93367755a2dddc18becc6fedefe6ca6554d63
size: 1825254
this_path: /data/cuckoo/storage/analyses/5000014/files/1005/loadingImage.bmp
type: PC bitmap, Windows 3.x format, 5850 x 78 x 32

Malicious

attck_tactics: Other malicious behavior
level: 1
matchedinfo: Commonly used for file encryption or encrypted data transmission; may also be used by ransomware
num: 382
process_id: 2952
process_name: 1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
rulename: Calls a cryptographic algorithm library
attck_tactics: Other malicious behavior
level: 1
matchedinfo: Malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 437
process_id: 2952
process_name: 1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
rulename: Changes memory region protection to read/write/execute
attck_tactics: Defense evasion
level: 2
matchedinfo: Rewrites data into a newly created process in order to evade antivirus detection
num: 723
process_id: 2952
process_name: 1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
rulename: Process data rewrite (via memory mapping)
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malicious program creates a network connection in order to communicate over the network
num: 1176
process_id: 2952
process_name: 1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
rulename: Creates a network socket connection
attck_tactics: Command and control
level: 1
matchedinfo: The malicious program may connect over a non-standard port to exfiltrate data
num: 1190
process_id: 2952
process_name: 1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
rulename: Connects to local address 127.0.0.1
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 1435
process_id: 2952
process_name: 1618605018736_72315f1aee38f9519e1aba0372ffa99b.exe
rulename: Enumerates files