VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.

Basic Information

file name: 360se.exe
file size: 1192608
file type: application/x-dosexec
MD5: 45ebd25a2158aed5d54f1164c964c860
sha1: 15b6b76c2853b8309e2b2182bb02b42c8c1e9371

CreateProcess

ApplicationName: C:\Program Files (x86)\Internet Explorer\iexplore.exe
CmdLine: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://se.360.cn/
childid: 1608
childname: iexplore.exe
childpath: C:\Program Files (x86)\Internet Explorer\iexplore.exe
drop_type:
name: 1620820832679_45ebd25a2158aed5d54f1164c964c860.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620820832679_45ebd25a2158aed5d54f1164c964c860.exe
pid: 1496
ApplicationName:
CmdLine: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1608 CREDAT:14337
childid: 2968
childname: iexplore.exe
childpath: C:\Program Files (x86)\Internet Explorer\iexplore.exe
drop_type:
name: iexplore.exe
noNeedLine: 1
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
pid: 1608
ApplicationName:
CmdLine:
childid: 1496
childname: 1620820832679_45ebd25a2158aed5d54f1164c964c860.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620820832679_45ebd25a2158aed5d54f1164c964c860.exe
drop_type:
name:
noNeedLine:
path:
pid: 1612

Summary

buffer: 1
processid: 1496
szSubkey: HKEY_CURRENT_USER\Software\360\360se6\Chrome
type: REG_DWORD
valuename: launch_fail
buffer: 0
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
type: REG_DWORD
valuename: CompatibilityFlags
buffer: 0
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
type: REG_DWORD
valuename: {CDB828E0-B319-11EB-9574-080027BF020F}
buffer: 0
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: UNCAsIntranet
buffer: 1
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: AutoDetect
buffer: 0
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: UNCAsIntranet
buffer: 1
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: AutoDetect
buffer: 0
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: UNCAsIntranet
buffer: 1
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: AutoDetect
buffer: 1
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Zones
type: REG_DWORD
valuename: SecuritySafe
buffer: 4
processid: 1608
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
type: REG_DWORD
valuename: Type
buffer: 31
processid: 1608
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
type: REG_DWORD
valuename: Count
buffer: \xe5\x07\x05\x00\x03\x00\x0c\x00\x11\x00\x1a\x00)\x00^\x00
processid: 1608
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
type: REG_BINARY
valuename: Time
buffer: 4
processid: 1608
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
type: REG_DWORD
valuename: Type
buffer: 31
processid: 1608
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
type: REG_DWORD
valuename: Count
buffer: \xe5\x07\x05\x00\x03\x00\x0c\x00\x11\x00\x1a\x00)\x00^\x00
processid: 1608
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
type: REG_BINARY
valuename: Time
buffer: no
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
type: REG_SZ
valuename: FullScreen
buffer: ,\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00 \x03\x00\x000\x02\x00\x00
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
type: REG_BINARY
valuename: Window_Placement
buffer: \x08\x00\x00\x00\x02\x00\x00\x00\xdc\x01\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00l\x00\x00\x00\x03\x00\x00\x00^\x002\x00P\x00\x00\x00\xacR5` \x00desktop.ini\x00D\x00\x08\x00\x04\x00\xef\xbe\xacR5`\xacR5`*\x00\x00\x00n.\x01\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00d\x00e\x00s\x00k\x00t\x00o\x00p\x00.\x00i\x00n\x00i\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00x\x00\x00\x00\x02\x00\x00\x00j\x006\x00\xd4\x00\x00\x00\xacR5` \x00~v\xa6^\x00N\x0bN\x0c\xff`O1\\xe5wS\x90.\x00H\x00\x08\x00\x04\x00\xef\xbe\xacR5`\xacR5`*\x00\x00\x00q.\x01\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00~v\xa6^\x00N\x0bN\x0c\xff`O1\\xe5wS\x90.\x00u\x00r\x00l\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\(Default)
type: REG_BINARY
valuename: Order
buffer: 1
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_DWORD
valuename: WpadDecisionReason
buffer: \x10?\x06\xfaSG\xd7\x01
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_BINARY
valuename: WpadDecisionTime
buffer: 3
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_DWORD
valuename: WpadDecision
buffer: 网络 2
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_SZ
valuename: WpadNetworkName
buffer: 1
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_DWORD
valuename: WpadDecisionReason
buffer: \x10?\x06\xfaSG\xd7\x01
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_BINARY
valuename: WpadDecisionTime
buffer: 3
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_DWORD
valuename: WpadDecision
buffer: F\x00\x00\x00\x0e\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x000\xe7\xf7\xf9SG\xd7\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\xc0\xa88\xcb\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x11\x00\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00 \x00\x00\x00\x10\x00\x00\x01\x00\x00\x00\xea\x03\x00\x00 \x06\x02\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xa0\x1a\x0f\xe7\x8b\xab\xcf\x11\x8c\xa3\x00\x80_H\xa1\x92\x17\x00\x00\x00\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\xa5E\xe7~\xbc)\x1fn\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
processid: 1608
szSubkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
type: REG_BINARY
valuename: DefaultConnectionSettings
buffer: {42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
processid: 1608
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
type: REG_SZ
valuename: WpadLastNetwork
buffer: 0
processid: 2968
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: UNCAsIntranet
buffer: 1
processid: 2968
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: AutoDetect
buffer: 0
processid: 2968
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: UNCAsIntranet
buffer: 1
processid: 2968
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: AutoDetect
buffer: 0
processid: 2968
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: UNCAsIntranet
buffer: 1
processid: 2968
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: AutoDetect
buffer: 3
processid: 2968
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore
type: REG_DWORD
valuename: Type
buffer: 45
processid: 2968
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore
type: REG_DWORD
valuename: Count
buffer: \xe5\x07\x05\x00\x03\x00\x0c\x00\x11\x00\x19\x00.\x00 \x01
processid: 2968
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore
type: REG_BINARY
valuename: Time
buffer: 24
processid: 2968
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore
type: REG_DWORD
valuename: LoadTime
buffer: 3
processid: 2968
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
type: REG_DWORD
valuename: Type
buffer: 33
processid: 2968
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
type: REG_DWORD
valuename: Count
buffer: \xe5\x07\x05\x00\x03\x00\x0c\x00\x11\x00\x19\x00.\x00\xa6\x01
processid: 2968
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
type: REG_BINARY
valuename: Time
buffer: 231
processid: 2968
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
type: REG_DWORD
valuename: LoadTime
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 2968
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Local Settings\MuiCache\3A\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 2968
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 2968
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 2968
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 2968
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList

Behavior_analysis

message: Malware accesses multiple domains, for worm propagation or DDoS attacks
name: Accesses multiple domains
szSubkey:
score: 3
message: Attempts to evade sandbox detection by sleeping for a long time
name: Long sleep
szSubkey:
score: 2

Dropped_Save

analysis_result: Safe
create: 0
how: del
md5: 2af3e4b57a8b637fcee8cb7485986fa3
name: CabCA88.tmp
new_size: 54KB (55745bytes)
operation: File dropped, then deleted
path: C:\Users\Administrator\AppData\Local\Temp\CabCA88.tmp
processid: 2968
processname: iexplore.exe
sha1: 4c31cedff6e2e366085c2793997357bc08bce9a1
sha256: 10632f5e8df34d4641f11aa0ad917a629bf75f7c0eaa77506c5a27919e7b12aa
size: 55745
this_path: /data/cuckoo/storage/analyses/2000848/files/2250295314/CabCA88.tmp
type: Microsoft Cabinet archive data, 55745 bytes, 1 file
analysis_result: Safe
create: 0
how: del
md5: 55258373b5cc2b410f59e60a60eb1769
name: TarCA89.tmp
new_size: 131KB (135047bytes)
operation: File dropped, then deleted
path: C:\Users\Administrator\AppData\Local\Temp\TarCA89.tmp
processid: 2968
processname: iexplore.exe
sha1: 18d2143161a130d9b7bfdf43867edfbad1eb2df3
sha256: 114e885ba63cf9ff16cbc3aff1134aa44f0b31de68d391d5eb2c50756ca83af8
size: 135047
this_path: /data/cuckoo/storage/analyses/2000848/files/8500291450/TarCA89.tmp
type: data
analysis_result: Safe
create: 0
how: del
md5: 2af3e4b57a8b637fcee8cb7485986fa3
name: CabCAF7.tmp
new_size: 54KB (55745bytes)
operation: File dropped, then deleted
path: C:\Users\Administrator\AppData\Local\Temp\CabCAF7.tmp
processid: 2968
processname: iexplore.exe
sha1: 4c31cedff6e2e366085c2793997357bc08bce9a1
sha256: 10632f5e8df34d4641f11aa0ad917a629bf75f7c0eaa77506c5a27919e7b12aa
size: 55745
this_path: /data/cuckoo/storage/analyses/2000848/files/9037107543/CabCAF7.tmp
type: Microsoft Cabinet archive data, 55745 bytes, 1 file
analysis_result: Safe
create: 0
how: del
md5: 55258373b5cc2b410f59e60a60eb1769
name: TarCB08.tmp
new_size: 131KB (135047bytes)
operation: File dropped, then deleted
path: C:\Users\Administrator\AppData\Local\Temp\TarCB08.tmp
processid: 2968
processname: iexplore.exe
sha1: 18d2143161a130d9b7bfdf43867edfbad1eb2df3
sha256: 114e885ba63cf9ff16cbc3aff1134aa44f0b31de68d391d5eb2c50756ca83af8
size: 135047
this_path: /data/cuckoo/storage/analyses/2000848/files/747726382/TarCB08.tmp
type: data
analysis_result: Safe
create: 0
how: write
md5: e5234b409658160b86aa97db867f0157
name: RecoveryStore.{CDB828E0-B319-11EB-9574-080027BF020F}.dat
new_size: 3584bytes
operation: File modified
path: C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CDB828E0-B319-11EB-9574-080027BF020F}.dat
processid: 1608
processname: iexplore.exe
sha1: d33e0683ffb47f81583d6f3616bce6f8c5bc818d
sha256: ed961248ab513f644cfb4f37083eb7ecf0516dc9b37d63857ceeeb171183069f
size: 3584
this_path: /data/cuckoo/storage/analyses/2000848/files/1000/RecoveryStore.{CDB828E0-B319-11EB-9574-080027BF020F}.dat
type: Composite Document File V2 Document, No summary info
analysis_result: Safe
create: 0
how: write
md5: d41d8cd98f00b204e9800998ecf8427e
name: ~DF4F2861D9279A8873.TMP
new_size: 0bytes
operation: File modified
path: C:\Users\Administrator\AppData\Local\Temp\~DF4F2861D9279A8873.TMP
processid: 1608
processname: iexplore.exe
sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709
sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
size: 0
this_path: /data/cuckoo/storage/analyses/2000848/files/1001/~DF4F2861D9279A8873.TMP
type: empty
analysis_result: Safe
create: 0
how: write
md5: c71190ac771ae0f83d137b664f89051a
name: {CDB828E1-B319-11EB-9574-080027BF020F}.dat
new_size: 4096bytes
operation: File modified
path: C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CDB828E1-B319-11EB-9574-080027BF020F}.dat
processid: 1608
processname: iexplore.exe
sha1: cd785a914cf3c48b4d625fe0520ea8461b54de7e
sha256: 7f25e125ba15413c49697dabe2d2e1369fa8c7b172a655d1e2e92a3757f5da97
size: 4096
this_path: /data/cuckoo/storage/analyses/2000848/files/1002/{CDB828E1-B319-11EB-9574-080027BF020F}.dat
type: Composite Document File V2 Document, No summary info
analysis_result: Safe
create: 0
how: write
md5: d41d8cd98f00b204e9800998ecf8427e
name: ~DF67985410876B9584.TMP
new_size: 0bytes
operation: File modified
path: C:\Users\Administrator\AppData\Local\Temp\~DF67985410876B9584.TMP
processid: 1608
processname: iexplore.exe
sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709
sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
size: 0
this_path: /data/cuckoo/storage/analyses/2000848/files/1003/~DF67985410876B9584.TMP
type: empty
analysis_result: Safe
create: 0
how: write
md5: 2d5ea73f0cf77663eddc49572b877152
name: 000F7F8FAB2D96E6F8CBD5C9A3B4EC90
new_size: 186bytes
operation: File modified
path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\000F7F8FAB2D96E6F8CBD5C9A3B4EC90
processid: 2968
processname: iexplore.exe
sha1: 6e92be21f17be98a6d661423f653360984cbb9e3
sha256: 00289f23110c403752bde067c1d9e792b11de44e809d4b7b3fb57502acbc8946
size: 186
this_path: /data/cuckoo/storage/analyses/2000848/files/1004/000F7F8FAB2D96E6F8CBD5C9A3B4EC90
type: data
analysis_result: Safe
create: 0
how: write
md5: 2c8f9f661d1890b147269d8e86828ca9
name: 000F7F8FAB2D96E6F8CBD5C9A3B4EC90
new_size: 784bytes
operation: File modified
path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\000F7F8FAB2D96E6F8CBD5C9A3B4EC90
processid: 2968
processname: iexplore.exe
sha1: 6252dc40f71143a22fde9ef7348e064251b18118
sha256: d8e0febc1db2e38d00940f37d27d41344d993e734b99d5656d9778d4d8143624
size: 784
this_path: /data/cuckoo/storage/analyses/2000848/files/1005/000F7F8FAB2D96E6F8CBD5C9A3B4EC90
type: data

Malicious

attck_tactics: Persistence
level: 1
matchedinfo: The malicious program writes to the registry in order to modify the user's proxy settings
num: 24
process_id: 1608
process_name: iexplore.exe
rulename: Modify browser proxy
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware modifies memory protection in order to decrypt and execute malicious code in memory
num: 266
process_id: 1608
process_name: iexplore.exe
rulename: Set memory region to readable, writable and executable
attck_tactics: Defense evasion
level: 2
matchedinfo: Rewrites data into a newly created process in order to evade antivirus detection
num: 417
process_id: 1608
process_name: iexplore.exe
rulename: Process data rewrite (via memory mapping)
attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerates files to locate specific target files
num: 464
process_id: 1608
process_name: iexplore.exe
rulename: Enumerate files
attck_tactics: Persistence
level: 1
matchedinfo: The malicious program opens the Service Control Manager in order to control services
num: 1258
process_id: 1608
process_name: iexplore.exe
rulename: Open Service Control Manager
attck_tactics: Execution
level: 2
matchedinfo: The malicious program opens a thread in order to manipulate other threads
num: 1280
process_id: 1608
process_name: iexplore.exe
rulename: Open other threads
attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malicious program loads a resource from its resource section into memory and decrypts it
num: 1407
process_id: 1608
process_name: iexplore.exe
rulename: Load resource into memory
attck_tactics: Defense evasion
level: 2
matchedinfo: The malicious program drops a file from its resource section and runs it in order to hide malicious code
num: 1407
process_id: 1608
process_name: iexplore.exe
rulename: Drop file from resource section and run it
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program collects the user's network adapter information in order to obtain sensitive information
num: 1634
process_id: 1608
process_name: iexplore.exe
rulename: Collect network adapter information
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program calls key APIs to obtain the system user name in order to collect user information
num: 1813
process_id: 1608
process_name: iexplore.exe
rulename: Get current user name
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malicious program creates a network connection in order to communicate over the network
num: 9582
process_id: 1608
process_name: iexplore.exe
rulename: Create network socket connection
attck_tactics: Other malicious behavior
level: 1
matchedinfo: Typically used for file encryption or encrypted data transfer; may also be used by ransomware
num: 9604
process_id: 1608
process_name: iexplore.exe
rulename: Call cryptographic library
attck_tactics: Defense evasion
level: 2
matchedinfo: Checks at runtime whether the mouse moves. Commonly used by malware for sandbox evasion
num: 9802
process_id: 1608
process_name: iexplore.exe
rulename: Get current mouse position
attck_tactics: Persistence
level: 1
matchedinfo: The malicious program writes to the registry in order to modify the user's proxy settings
num: 24
process_id: 2968
process_name: iexplore.exe
rulename: Modify browser proxy
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware modifies memory protection in order to decrypt and execute malicious code in memory
num: 125
process_id: 2968
process_name: iexplore.exe
rulename: Set memory region to readable, writable and executable
attck_tactics: Defense evasion
level: 2
matchedinfo: Rewrites data into a newly created process in order to evade antivirus detection
num: 309
process_id: 2968
process_name: iexplore.exe
rulename: Process data rewrite (via memory mapping)
attck_tactics: Other malicious behavior
level: 1
matchedinfo: Typically used for file encryption or encrypted data transfer; may also be used by ransomware
num: 391
process_id: 2968
process_name: iexplore.exe
rulename: Call cryptographic library
attck_tactics: Persistence
level: 1
matchedinfo: The malicious program opens the Service Control Manager in order to control services
num: 1169
process_id: 2968
process_name: iexplore.exe
rulename: Open Service Control Manager
attck_tactics: Execution
level: 2
matchedinfo: The malicious program starts a malicious service in order to execute malicious code as a service
num: 1171
process_id: 2968
process_name: iexplore.exe
rulename: Start service
attck_tactics: Execution
level: 2
matchedinfo: The malicious program opens a thread in order to manipulate other threads
num: 1207
process_id: 2968
process_name: iexplore.exe
rulename: Open other threads
attck_tactics: Command and control
level: 1
matchedinfo: The malicious program may connect over a non-standard port to exfiltrate data
num: 1213
process_id: 2968
process_name: iexplore.exe
rulename: Connect to local address 127.0.0.1
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malicious program creates a network connection in order to communicate over the network
num: 1213
process_id: 2968
process_name: iexplore.exe
rulename: Create network socket connection
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program calls key APIs to obtain the system user name in order to collect user information
num: 1284
process_id: 2968
process_name: iexplore.exe
rulename: Get current user name
attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerates files to locate specific target files
num: 2144
process_id: 2968
process_name: iexplore.exe
rulename: Enumerate files
attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malicious program requests (or sends) a configuration file via an HTTP GET request
num: 2609
process_id: 2968
process_name: iexplore.exe
rulename: Request data via GET
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program collects the user's network adapter information in order to obtain sensitive information
num: 4542
process_id: 2968
process_name: iexplore.exe
rulename: Collect network adapter information