VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Basic Information

file name: 00良辰美景好时光
file size: 420707
file type: application/x-dosexec
MD5: 996b615ca41f08c640d5b283fc3f107d
sha1: 30b46211b1409164a16cc6e930981f106f5048d1

 CreateProcess

ApplicationName: C:\ProgramData\nwpbpi.exe
CmdLine:
childid: 2720
childname: nwpbpi.exe
childpath: C:\ProgramData\nwpbpi.exe
drop_type:
name: 1618731040797_996b615ca41f08c640d5b283fc3f107d.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618731040797_996b615ca41f08c640d5b283fc3f107d.exe
pid: 3056
ApplicationName:
CmdLine:
childid: 3056
childname: 1618731040797_996b615ca41f08c640d5b283fc3f107d.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618731040797_996b615ca41f08c640d5b283fc3f107d.exe
drop_type:
name:
noNeedLine:
path:
pid: 3048

 Summary

buffer: C:\ProgramData\nwpbpi.exe
processid: 2720
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft\xae Windows\xae Operating System

 Malicious

attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意软件通过修改内存属性,以达到在内存中解密&执行恶意代码
num: 3
process_id: 3056
process_name: 1618731040797_996b615ca41f08c640d5b283fc3f107d.exe
rulename: 修改内存地址为可读可写可执行
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 30
process_id: 3056
process_name: 1618731040797_996b615ca41f08c640d5b283fc3f107d.exe
rulename: 遍历文件
attck_tactics: 防御逃逸
level: 2
matchedinfo: 通过修改查看隐藏文件设置,达到隐藏文件的目的
num: 180
process_id: 3056
process_name: 1618731040797_996b615ca41f08c640d5b283fc3f107d.exe
rulename: 获取隐藏文件设置
attck_tactics: 持久化
level: 2
matchedinfo: 恶意程序通过修改注册表的方式实现随系统自启动,以达到长期控制或驻留系统的目的
num: 8
process_id: 2720
process_name: nwpbpi.exe
rulename: 写入自启动注册表,增加自启动2
attck_tactics: 基础信息获取
level: 1
matchedinfo: 通过文件遍历查找指定目标文件
num: 18
process_id: 2720
process_name: nwpbpi.exe
rulename: 遍历文件