VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Basic Information

file name: 00逃生2
file size: 963614
file type: application/x-dosexec
MD5: 7bf8eea0d77a966a5034769ddcae85f0
sha1: 2d2673c48a5fa6608068965bdb1b851e72d3d02c

 CreateProcess

ApplicationName:
CmdLine:
childid: 100
childname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
drop_type:
name:
noNeedLine:
path:
pid: 2128

 Dropped Unsave

analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: cc9681f4cfc091842a4d6a72d95664ec
name: Winamp 5.0 (full version).exe
new_size: 4288KB (4391073bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Winamp 5.0 (full version).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: f9795b541e2f361af214fc9779fda47d1e9bd8c4
sha256: cec1d92fea21f668d3a95dfaf1f65890b83a52dd61d0f610280e66b38f427bbd
size: 4391073
this_path: /data/cuckoo/storage/analyses/6000015/files/1000/Winamp 5.0 (full version).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 63cfd577c41974ac44a349c60619f99e
name: Winamp 3 (full version).exe
new_size: 3025KB (3098135bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Winamp 3 (full version).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 502a4fcf3d7ce4bf9c207faad918209107ac1da0
sha256: a63f8a310b28c40077425b9bf490069f8220b561336a8460efb787e5559951d6
size: 3098135
this_path: /data/cuckoo/storage/analyses/6000015/files/1001/Winamp 3 (full version).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 184ab1304a78145a36364fe32b68367a
name: Winamp 3.5 (full version).exe
new_size: 3428KB (3510412bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Winamp 3.5 (full version).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 4d6c30a7901f70cd6f6a6270aaff75f841dbce14
sha256: 9f4949948656c186b8ca0fdb4698a9a957a89aa21ba74b6b9217f36e5206385b
size: 3510412
this_path: /data/cuckoo/storage/analyses/6000015/files/1002/Winamp 3.5 (full version).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 25f0a1cf76a95753dc79172f20a61b00
name: Update Photoshop 7.0 to Photoshop 9.16 (It磗 Work!).exe
new_size: 2598KB (2660959bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Update Photoshop 7.0 to Photoshop 9.16 (It磗 Work!).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 82a073ae9d038e6ef7edb71dc640d6be9faec3e7
sha256: c43e7c11174bed5c8ad94de726b14ed95a0343e3652a30361d5f8b72c7e8a184
size: 2660959
this_path: /data/cuckoo/storage/analyses/6000015/files/1003/Update Photoshop 7.0 to Photoshop 9.16 (It磗 Work!).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: b44aa2b3ec35dca36e0d15390ec019e6
name: Update Photoshop 8.0 to Photoshop 9.5 (It磗 Work!).exe
new_size: 2761KB (2827826bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It磗 Work!).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 02b4a7e392515183dc2db2cf5444058e3d92c70b
sha256: be46b142e08f54c900abf2416f5e08935ded2694a083b3843019bfac121b1a30
size: 2827826
this_path: /data/cuckoo/storage/analyses/6000015/files/1004/Update Photoshop 8.0 to Photoshop 9.5 (It磗 Work!).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 720da2d32709740e748144f89f117dcd
name: WinAce 3.85 (with Serial).exe
new_size: 4697KB (4810156bytes)
operation: 修改文件
path: C:\Windows\Intelx386\WinAce 3.85 (with Serial).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 41d790eda8d58d52e40f4720880e88d63f290a20
sha256: 78777c6bbc39e52b5210e14cf1c02d4cc6798ffbb7c81195e74fb5895b533ddf
size: 4810156
this_path: /data/cuckoo/storage/analyses/6000015/files/1005/WinAce 3.85 (with Serial).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: dd25db5ccd3f740b0b0bc669da589660
name: Download Accelerator Plus (DAP) (full version with serial).exe
new_size: 2128KB (2180061bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Download Accelerator Plus (DAP) (full version with serial).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: f2c28e4e1508107bca701dcdb9730ddb11dc9e76
sha256: 719e35d6f9165bb2fc64e79bac2f60bf134aa19c871369980460e538d91f526e
size: 2180061
this_path: /data/cuckoo/storage/analyses/6000015/files/1006/Download Accelerator Plus (DAP) (full version with serial).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 7be1920b897effe7546d4b144aad0666
name: RealOne Player (Full version).exe
new_size: 2158KB (2210468bytes)
operation: 修改文件
path: C:\Windows\Intelx386\RealOne Player (Full version).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: e8dffba8d90e381b1bccce106e69d66f9eb30004
sha256: fb4cf255cf29d660630efeb14876a81919b85f173ee06b3381974e4d9c417eb2
size: 2210468
this_path: /data/cuckoo/storage/analyses/6000015/files/1007/RealOne Player (Full version).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 2923647b3068f381398da573d6cfd336
name: BsPlayer v3.exe
new_size: 3232KB (3310135bytes)
operation: 修改文件
path: C:\Windows\Intelx386\BsPlayer v3.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: b071cc79d12fbb3abc692dfcff3673e2913defba
sha256: 1d2861587bd318151fb37abfc1b3ed435b281ac3874b1d4c8e2b3120b1d52b31
size: 3310135
this_path: /data/cuckoo/storage/analyses/6000015/files/1008/BsPlayer v3.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 5d092db2e619b854bdf30d8181716501
name: WinRar v6.11 (with crack).exe
new_size: 3328KB (3408289bytes)
operation: 修改文件
path: C:\Windows\Intelx386\WinRar v6.11 (with crack).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 6c5e1b67b80900b62f12cb7bf2ef44805d1faf9c
sha256: 2dafb3650868263f9f6d4f5e498a3680991913326d32556485613df314605400
size: 3408289
this_path: /data/cuckoo/storage/analyses/6000015/files/1009/WinRar v6.11 (with crack).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: efe4a4b3e57b6f90b5355441002359ad
name: WinRar 4 (with crack).exe
new_size: 3198KB (3275728bytes)
operation: 修改文件
path: C:\Windows\Intelx386\WinRar 4 (with crack).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: fa008623f3c4e6bcc763b5ed514c374417d4156f
sha256: a0e2a966e3116d4260593a2876fdec2327a47f2c450ffec5edf0e45dd143d3e5
size: 3275728
this_path: /data/cuckoo/storage/analyses/6000015/files/1010/WinRar 4 (with crack).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 4817b30b6ec56c83b39b265b36bfb124
name: ContaWin 2000 (full version).exe
new_size: 2017KB (2065959bytes)
operation: 修改文件
path: C:\Windows\Intelx386\ContaWin 2000 (full version).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: d9ab6d2d00d7db9fdd7d90cd721355dcfca8e28b
sha256: c3f34c8c0bb1bb4a3b6ca3ba345f4e44c0012c92668925b591c76c900bcb7bc9
size: 2065959
this_path: /data/cuckoo/storage/analyses/6000015/files/1011/ContaWin 2000 (full version).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: a69f6672c4a1c962d54c428e35502ca7
name: WinZip 9.exe
new_size: 2870KB (2939748bytes)
operation: 修改文件
path: C:\Windows\Intelx386\WinZip 9.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 02ca0d4634b1071eb15e75fd967c874e3715fc56
sha256: ca863db9a9ed5effc169fc0ecce1391d61c06b29383265cbdf6e801eefdeedc3
size: 2939748
this_path: /data/cuckoo/storage/analyses/6000015/files/1012/WinZip 9.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: a92d7988fe8926362cdc37037fd011a5
name: DivX 7.2 freeware.exe
new_size: 1885KB (1930872bytes)
operation: 修改文件
path: C:\Windows\Intelx386\DivX 7.2 freeware.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: a79ab966fdf3e13bdb7b7f33a47715b58d01ad4f
sha256: f78020484ab0a5cc3936559aa6887ef53416e3d2e52dc45daa74625ef3541b74
size: 1930872
this_path: /data/cuckoo/storage/analyses/6000015/files/1013/DivX 7.2 freeware.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 30aaa0578bcbd7b653c4bb5513318bb0
name: 3D Studio R8 (It's Work!!).exe
new_size: 9MB (10098289bytes)
operation: 修改文件
path: C:\Windows\Intelx386\3D Studio R8 (It's Work!!).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: d44428b9e59c367f9fa39060f9f555891d750f78
sha256: 42edd9843b7f847bd8c923cbbfc5098f90fa2ddbf96c01ab0e5bc8c3f9f35ef7
size: 10098289
this_path: /data/cuckoo/storage/analyses/6000015/files/1014/3D Studio R8 (It's Work!!).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 0ae3cabd9a3cec6a4cdc64487fcbd883
name: VirtualDub 2.1.4.exe
new_size: 3232KB (3310189bytes)
operation: 修改文件
path: C:\Windows\Intelx386\VirtualDub 2.1.4.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: da3bb58c7edd6d366c3f309fc3a6945b437b6037
sha256: 792d82046aae96ca44b42471ad9f6197ca036d8cc2acfd017ed4999f5163e41c
size: 3310189
this_path: /data/cuckoo/storage/analyses/6000015/files/1015/VirtualDub 2.1.4.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 29cebb41435edd7737124f9567c633c1
name: MSN messenger 6.3.exe
new_size: 2871KB (2939955bytes)
operation: 修改文件
path: C:\Windows\Intelx386\MSN messenger 6.3.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: c43c1b148f459394678c09201a23e99b271fce7a
sha256: 9f1a8c80555cb1ba0da2c6fce44bb4cba947ea997a53bb7470ed9d6c7147be59
size: 2939955
this_path: /data/cuckoo/storage/analyses/6000015/files/1016/MSN messenger 6.3.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 3b27fe00a42da22ff52fb2eb7d43719b
name: Hacha Profesional Edition.exe
new_size: 1463KB (1498292bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Hacha Profesional Edition.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 8866d39f437e9c5ea747d47e67e4bee34c338b7a
sha256: 08ed0939c21f9700e2553365fe7593a2f207cb3b03e1c2494bfe9ba6e51aa4bc
size: 1498292
this_path: /data/cuckoo/storage/analyses/6000015/files/1017/Hacha Profesional Edition.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: cfdc834c7651ae0c4e8887ca287809c7
name: Simpsons pack guiones (Temporada 2004).exe
new_size: 1444KB (1479646bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Simpsons pack guiones (Temporada 2004).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 2b845a77dbe495fddf4daa1b890f010be708c20c
sha256: cbdd44fa064a7133849082f7a55e578bf1a1897098e77afa940c28c529fd408d
size: 1479646
this_path: /data/cuckoo/storage/analyses/6000015/files/1018/Simpsons pack guiones (Temporada 2004).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 69b3b3de7208e12c2cbb4a12345f7748
name: Mazinkaiser pack fondos de escritorio.exe
new_size: 1347KB (1379701bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Mazinkaiser pack fondos de escritorio.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 6f6fcf3001ad05945bb736f8789255fb859cfebd
sha256: dabdbdeb87e05788c40c2c2389078563a4747418cc4458bc7cfadcbffeb7ee78
size: 1379701
this_path: /data/cuckoo/storage/analyses/6000015/files/1019/Mazinkaiser pack fondos de escritorio.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: de667dafd629705bc2cf3f5859691f8c
name: Mazinkaiser comics pack.exe
new_size: 1243KB (1273492bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Mazinkaiser comics pack.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: f22b28b06dcef891a2ce8dad906b2f01570d4661
sha256: 20831f68edecdb8ad4e8aeb03f83df56f852ed0cac10319160905f3cbdc0b351
size: 1273492
this_path: /data/cuckoo/storage/analyses/6000015/files/1020/Mazinkaiser comics pack.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 5b0119bdc7fc489c3434bf82f03c5740
name: Juegos JAVA para NOKIA.exe
new_size: 1623KB (1661976bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Juegos JAVA para NOKIA.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: cda26cedae9351855bdc87d99478d67120ef9895
sha256: 7fdfa4def72a0206f7dfb18e9487e17f1252e9d004a79943d408bce9b82469c8
size: 1661976
this_path: /data/cuckoo/storage/analyses/6000015/files/1021/Juegos JAVA para NOKIA.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: ccea1b2313222e658844915ff396f666
name: Capitulos ineditos de DragonBall Z jamas emitidos.exe
new_size: 5955KB (6098293bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Capitulos ineditos de DragonBall Z jamas emitidos.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 5ed8adfe4da12f5b9dd3cda37f4ce95c13be7e1c
sha256: f1a4defb1f165ed302a026580d16a0b9fc4285c004b758a28ddc8e1237006da4
size: 6098293
this_path: /data/cuckoo/storage/analyses/6000015/files/1022/Capitulos ineditos de DragonBall Z jamas emitidos.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 688f1d29586b0ff8ed4707d107822ee6
name: Pack Tonos y Logos para Nokia.exe
new_size: 2551KB (2612590bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Pack Tonos y Logos para Nokia.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: ebdcbf632f87a520f31634ee64b1ff0676ca73ef
sha256: 2ef78b3c7406b28188c2e013d86f13535288359ef2d0f869e54a5f0794328535
size: 2612590
this_path: /data/cuckoo/storage/analyses/6000015/files/1023/Pack Tonos y Logos para Nokia.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: b753e2666f83bfb3864f517220a604fa
name: Nero 7.5.1.0 (cracked!).exe
new_size: 7MB (7421103bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Nero 7.5.1.0 (cracked!).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 2c766b26993ac6ed772aaeb6affe5bfbc6a058d0
sha256: 11477c26b37629e15ca2e88c8dce846cd89de8dd730a187ba269852e8f79f670
size: 7421103
this_path: /data/cuckoo/storage/analyses/6000015/files/1024/Nero 7.5.1.0 (cracked!).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 9590a590db34c8a306b13c4aeff7a694
name: 3D Movie Maker.exe
new_size: 1041KB (1066268bytes)
operation: 修改文件
path: C:\Windows\Intelx386\3D Movie Maker.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: dd3295ad01ff0629a1a37545347947db61ad8db9
sha256: 528c63c5126bc5698a0086a91eb2b70ecf6ee26d13e57453c05430f44632e495
size: 1066268
this_path: /data/cuckoo/storage/analyses/6000015/files/1025/3D Movie Maker.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 091e719ae22a564a084f95dc9cce3916
name: Silent Hill.exe
new_size: 1072KB (1098271bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Silent Hill.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 7941d47df9844729222ddad5806b856309d2fb9b
sha256: 97ae3479d9fb9f32a66ba88f82c20755f919cebbf2eacddc583a83c795c47618
size: 1098271
this_path: /data/cuckoo/storage/analyses/6000015/files/1026/Silent Hill.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: b6a24a6bfe54e4f0e3406a598cb9eb59
name: PSEmu.exe
new_size: 1072KB (1097860bytes)
operation: 修改文件
path: C:\Windows\Intelx386\PSEmu.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 832e73c4ca1e749b718518389eff4a4d8d715e85
sha256: 3830fbbe54b60052d5cc36aec55c4378a85d708a3cc849ff55d04778e3b26953
size: 1097860
this_path: /data/cuckoo/storage/analyses/6000015/files/1027/PSEmu.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 9c34d0d907aab1450d9510cecaa40266
name: RM2GBA.exe
new_size: 952KB (974950bytes)
operation: 修改文件
path: C:\Windows\Intelx386\RM2GBA.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: fd0fd363230713e843ae751fa0ce6b6211e8a80a
sha256: cc4bfe01b68cfeee2622bb7d20ec5f60349de6011f5e96c1854c57dce982edd5
size: 974950
this_path: /data/cuckoo/storage/analyses/6000015/files/1028/RM2GBA.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 3ef6a7486f9fedfd9452ae6d419779cb
name: WAV2MP3.exe
new_size: 951KB (974836bytes)
operation: 修改文件
path: C:\Windows\Intelx386\WAV2MP3.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 56ae887b4af7578fe55bd0a36bccfb6070472283
sha256: 11b4e3a30b3fbdaf5d9dc7512abbe8799ea3bfd583654e10ccc23f7cdfd01a4f
size: 974836
this_path: /data/cuckoo/storage/analyses/6000015/files/1029/WAV2MP3.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: ff8e70b81bb75c1bc9bbdf26313257ba
name: GBAEmu.exe
new_size: 1052KB (1077892bytes)
operation: 修改文件
path: C:\Windows\Intelx386\GBAEmu.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: ae3acb807e178bb4b3e594a9a68a123254d4c7ae
sha256: b1ce3a1de449bbffcb3e3f6115508d8dc05881b8f7d13f80711417f7d43723e1
size: 1077892
this_path: /data/cuckoo/storage/analyses/6000015/files/1030/GBAEmu.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 78c3332eb71f08f0d218d58f7db87477
name: GameCube Emulator.exe
new_size: 965KB (988292bytes)
operation: 修改文件
path: C:\Windows\Intelx386\GameCube Emulator.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 4bf9d499c1d018b71e4ba1f83e809737fdeb98c1
sha256: f843ea9bdb34ab5b562acd6c32aff65294641ee2d477b22044d4cc011853c425
size: 988292
this_path: /data/cuckoo/storage/analyses/6000015/files/1031/GameCube Emulator.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: c37639fec0721454205380ad8af6b050
name: Pack 50 Juegos PS2.exe
new_size: 1070KB (1096159bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Pack 50 Juegos PS2.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: d4fbd27f22986faaab994f49b12f706257373e6b
sha256: d43d0f82f984b83d2cd9628c1d99f12e96c271da11063c510d3926909fe7c518
size: 1096159
this_path: /data/cuckoo/storage/analyses/6000015/files/1032/Pack 50 Juegos PS2.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 572edc1cf64e7e555b617b2b98ecec06
name: Pack 25 Juegos GameCube.exe
new_size: 1074KB (1099956bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Pack 25 Juegos GameCube.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 71932691ee43f11cb573d5b3400b8219b88c2dbc
sha256: 4290e7bd9e3f968e803997d49ee3bd88432189ddd8765f8078993d67ba29cc0f
size: 1099956
this_path: /data/cuckoo/storage/analyses/6000015/files/1033/Pack 25 Juegos GameCube.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: f2312c99636fe673a2dd37574625c055
name: Resident Evil for GameCube.exe
new_size: 1059KB (1085058bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Resident Evil for GameCube.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: ff804478e24c2864b1a0123a6f0307895ded831f
sha256: 0068276c284c2e2324d26807219c5e2467d46e962e66eced89018602af9571ad
size: 1085058
this_path: /data/cuckoo/storage/analyses/6000015/files/1034/Resident Evil for GameCube.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 359a8d26fa4afc7851edf5bf21be6359
name: Visual Basic 6.exe
new_size: 952KB (974926bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Visual Basic 6.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: a3679efa1cc13e58d4975b3702ec8901a74a64fb
sha256: 543348d51b1da19967b594b2508a6c465a91db4f389fd7215f8a42567d56365c
size: 974926
this_path: /data/cuckoo/storage/analyses/6000015/files/1035/Visual Basic 6.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 9930cc9277bbd88362f3362e0c2ec87e
name: Visual C.exe
new_size: 961KB (984756bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Visual C.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 98b2782b09fc7862de4b66bf9a67cf01e7dedee1
sha256: 31b8bed6d7fc01ef346bd2602d578c6cb57fc03db68136edca7e28c441326ecd
size: 984756
this_path: /data/cuckoo/storage/analyses/6000015/files/1036/Visual C.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 6aef524523af87aeca36b4b10fc5d5ff
name: Visual Studio (full).exe
new_size: 954KB (976956bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Visual Studio (full).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 20fbb017d81860d160d0cd5ff7c8994a64796bcf
sha256: bf2103ea2a721ff94ab183b554d185fc22c5315b4ac3af2b76e03f5d3bb94564
size: 976956
this_path: /data/cuckoo/storage/analyses/6000015/files/1037/Visual Studio (full).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 31e83ec9bd455cb5ff487224345711bc
name: mugen (full).exe
new_size: 953KB (976829bytes)
operation: 修改文件
path: C:\Windows\Intelx386\mugen (full).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: d3fe6df3a1b7e0c65541dc08a6e27d6da3d8bb01
sha256: fdf48ef7edf5e9a4248d01653ab8ba9dcd25cf7c9b56acb14375cfa86797feed
size: 976829
this_path: /data/cuckoo/storage/analyses/6000015/files/1038/mugen (full).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 8ec37e91d9d44b7fe4a61efd196bd554
name: Fuck my fat ass.avi.exe
new_size: 953KB (976836bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Fuck my fat ass.avi.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 25dffe8bb9a0f2cdc7ebb948c6dd06d844980178
sha256: 6c24889740ce3df31b26156d4a7be6b110733cfa37e0ffa6720cac3e1100242a
size: 976836
this_path: /data/cuckoo/storage/analyses/6000015/files/1039/Fuck my fat ass.avi.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 30fca5ee425c4bee6237c67b62ee93ae
name: German extreme violation.mpg.exe
new_size: 971KB (995035bytes)
operation: 修改文件
path: C:\Windows\Intelx386\German extreme violation.mpg.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: acf2579b217812ec239205a8d4c6651880f4f1e8
sha256: 5fa76653195773acc9b7883af5fc5e237ade0cd0ade90bc30ce2db542ff8d89e
size: 995035
this_path: /data/cuckoo/storage/analyses/6000015/files/1040/German extreme violation.mpg.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 60364be0198e122fd23b3afea874093e
name: Sexo con una menor.exe
new_size: 1590KB (1628192bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Sexo con una menor.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: e91d9d8cb81fe88eb28aa5d9812bfafa16b989e1
sha256: b07f95a8e4157c97f54c55fdf4ac719d7961c5339f661e5486c7a9036ff0fb98
size: 1628192
this_path: /data/cuckoo/storage/analyses/6000015/files/1041/Sexo con una menor.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 0f14ed6fa46c7be99925da4a4929a684
name: Pedofilia pack 37 pics.exe
new_size: 1894KB (1940099bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Pedofilia pack 37 pics.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 9df0c4b1bf5fe68bd486021d1fe46334130b6143
sha256: 61eb92490d6b05e6f1173259b3e50d69ef41107b3fa98ec0e0864566fdc1dcc5
size: 1940099
this_path: /data/cuckoo/storage/analyses/6000015/files/1042/Pedofilia pack 37 pics.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: a004fa8b6558cbcf040426b278d0ad79
name: Follada brutal co駉 roto.exe
new_size: 4325KB (4429102bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Follada brutal co駉 roto.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 119b441eb36cfd9d0e2b2aa2da7fdf283b2f69c0
sha256: 336c8898fcc2f406469a36c3cd32877cbc3be862d1816f4c0d2a053406125121
size: 4429102
this_path: /data/cuckoo/storage/analyses/6000015/files/1043/Follada brutal co駉 roto.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 54fd8fe7dc5ce6fc90a774e2f96e68f9
name: Lolita Pack 20 Pics.exe
new_size: 953KB (976838bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Lolita Pack 20 Pics.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 841c950252700f3029425a746922ed43943faba3
sha256: 76f961ba0d32bd2d94ba099dfda9712718a40247569eaf052cc3edc5ccc34a4f
size: 976838
this_path: /data/cuckoo/storage/analyses/6000015/files/1044/Lolita Pack 20 Pics.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 4447d213ebb8bf93d577df30f674e3a9
name: Puta come mierda.exe
new_size: 954KB (977836bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Puta come mierda.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 662d7e4e8a8846f507aaaccb78a9f64cebdce937
sha256: 264498ef6ac60959b3b1e36224960e479fb56aaa4910743f034e195cf2e0fd02
size: 977836
this_path: /data/cuckoo/storage/analyses/6000015/files/1045/Puta come mierda.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 5a89b6fd99730ffaebe98028195cf1c1
name: Solo para Maricas.exe
new_size: 976KB (999490bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Solo para Maricas.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 2a247b0fbf3b6101a8c6c86f0215b8f98391d7c6
sha256: 9dee2148ad9b50252af56857336074ea0651528e1d7e83387dab09f90dcda1d0
size: 999490
this_path: /data/cuckoo/storage/analyses/6000015/files/1046/Solo para Maricas.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 7efcd85c6def33b8a96149ee25c85c4b
name: No lo Descargues.exe
new_size: 954KB (977901bytes)
operation: 修改文件
path: C:\Windows\Intelx386\No lo Descargues.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 5d971a6b2d6e07c78916a23efcc03d1de6546856
sha256: ed6b3d5500533b423cacc3214ef7d6df643238dc56d7ad499679b64787bf8672
size: 977901
this_path: /data/cuckoo/storage/analyses/6000015/files/1047/No lo Descargues.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: e572b68c6fd8c9feb8344fff087e48ac
name: Dont Download.exe
new_size: 960KB (983382bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Dont Download.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 8e36a2d71e37a09faa55dd8aed638b851c309e12
sha256: f3285941949bb4181f8b1e73f8943e55976b34a9b6ce2bc7cb5b97bff4766f5d
size: 983382
this_path: /data/cuckoo/storage/analyses/6000015/files/1048/Dont Download.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: d7fc08a5f6be81a97e3c1723110f54b4
name: humor.exe
new_size: 964KB (987932bytes)
operation: 修改文件
path: C:\Windows\Intelx386\humor.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 9b0d88f99a742038568bbf5a082953e5deefc906
sha256: 5e55e51930accc839e11acd7356beb5183366a2bd141926da0bab759a6366e26
size: 987932
this_path: /data/cuckoo/storage/analyses/6000015/files/1049/humor.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 51efe26b79f63983066d4eef53b63604
name: Dont Touch.exe
new_size: 955KB (978038bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Dont Touch.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 9f10e2253bc685b1092a829478c622ca229e645a
sha256: 26cc00006185668a4e0fb3b6545a48c3197051595c7265ace4320c41b049df1a
size: 978038
this_path: /data/cuckoo/storage/analyses/6000015/files/1050/Dont Touch.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: a27926fd4ce92993592fd3e803a76058
name: Hentai.exe
new_size: 941KB (963644bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Hentai.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 873d8e35b428a36acd879a6f30d242aa44b70559
sha256: 5cfbf68cd2964460adbf2e560744be6c4158c825f13d4b805c7c0fa002189c13
size: 963644
this_path: /data/cuckoo/storage/analyses/6000015/files/1051/Hentai.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 2dea32fcd630433cc0b6891828ea6fc0
name: Matrix Wallpapers.exe
new_size: 1687KB (1728142bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Matrix Wallpapers.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 50ff43a52adb1582e66fb06558ae54ca1292b6c2
sha256: 917fde35a227dfbb07ed7345cd0078fa042c0867c892e04c87219f1dca39efb6
size: 1728142
this_path: /data/cuckoo/storage/analyses/6000015/files/1052/Matrix Wallpapers.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 951ced88946a7aff0d7e2846c51d2b6d
name: Terminator 3 Wallpapers.exe
new_size: 1250KB (1280101bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Terminator 3 Wallpapers.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 5e1dee66dda14aa7dd8745c1f751c2692fb78477
sha256: ccb25e283c9a77476ab8ca8988a3fd17093aba938985278fe8c16c05f882475f
size: 1280101
this_path: /data/cuckoo/storage/analyses/6000015/files/1053/Terminator 3 Wallpapers.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 265d8bd7826de6492288ead7b461eb03
name: Hentai Evangelion Poker.exe
new_size: 1250KB (1280058bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Hentai Evangelion Poker.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 0915edbe085b322310a75dde7b5db2664dd608e3
sha256: 03e2cb6a27b4b6773f5129b328743cd22a547676ed6d2b1e3c360ac48a7c193f
size: 1280058
this_path: /data/cuckoo/storage/analyses/6000015/files/1054/Hentai Evangelion Poker.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: cfa86cb81b2f85b342ada06bc99632e3
name: Shinchan screen saver.scr
new_size: 1049KB (1075071bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Shinchan screen saver.scr
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: a2fb9576bf1a5e2a80904d29c05c63ed0b5427b9
sha256: 0e99538464d31ea75905aea003c0f0dce62e36547b7a4e82d9989dce021485b0
size: 1075071
this_path: /data/cuckoo/storage/analyses/6000015/files/1055/Shinchan screen saver.scr
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 88ac51c87bc90d45149ed660fabf9da7
name: Hentai Shizuka clit.exe
new_size: 1268KB (1298501bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Hentai Shizuka clit.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 02585a99e32d8f65d85d921b289f6734b87562ae
sha256: 0b228e63c045159d63970d5f574408782d3e035be69823c2143bebd1e299eb91
size: 1298501
this_path: /data/cuckoo/storage/analyses/6000015/files/1056/Hentai Shizuka clit.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 7bf8eea0d77a966a5034769ddcae85f0
name: a pelo.exe
new_size: 941KB (963614bytes)
operation: 修改文件
path: C:\Windows\Intelx386\a pelo.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 2d2673c48a5fa6608068965bdb1b851e72d3d02c
sha256: 88b97f04bc05d285426a27f327ba28aa23664a049fbbc1946c92a5f7c373b30f
size: 963614
this_path: /data/cuckoo/storage/analyses/6000015/files/1057/a pelo.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 8a11ffaf2728fc7a503d745de20c6163
name: Chenoa en cueros.exe
new_size: 954KB (977068bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Chenoa en cueros.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 0ffe09acf034293e729bbaad8dffbf5b7141bca9
sha256: 66347299d9fd7b2136c9cdbadcd0ca5426bb5d0d5905dc4bd0e1a1898f8f3079
size: 977068
this_path: /data/cuckoo/storage/analyses/6000015/files/1058/Chenoa en cueros.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 0f14ed6fa46c7be99925da4a4929a684
name: WinAmp skings and plugins.exe
new_size: 1894KB (1940099bytes)
operation: 修改文件
path: C:\Windows\Intelx386\WinAmp skings and plugins.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 9df0c4b1bf5fe68bd486021d1fe46334130b6143
sha256: 61eb92490d6b05e6f1173259b3e50d69ef41107b3fa98ec0e0864566fdc1dcc5
size: 1940099
this_path: /data/cuckoo/storage/analyses/6000015/files/1059/WinAmp skings and plugins.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: ba35a0187ead64fd5f6f269fdcfe46d5
name: FlashGet Max acceleration (Experimental).exe
new_size: 1574KB (1612193bytes)
operation: 修改文件
path: C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 55f77922848ff7f9b473b36e6cc16108149b380a
sha256: 4f96f26948aeaf6cdc0cecd455a6423989fcccd8b6846624663c619974b81f2e
size: 1612193
this_path: /data/cuckoo/storage/analyses/6000015/files/1060/FlashGet Max acceleration (Experimental).exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 7bf8eea0d77a966a5034769ddcae85f0
name: VMIntel386.exe
new_size: 941KB (963614bytes)
operation: 修改文件
path: C:\Windows\Intelx386\VMIntel386.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: 2d2673c48a5fa6608068965bdb1b851e72d3d02c
sha256: 88b97f04bc05d285426a27f327ba28aa23664a049fbbc1946c92a5f7c373b30f
size: 963614
this_path: /data/cuckoo/storage/analyses/6000015/files/1061/VMIntel386.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
analysis_result: P2P-Worm.Win32.Small.p
create: 0
how: write
md5: 6a5558dbe62a4c3a27c99881aee8e66d
name: Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas co駉s mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe
new_size: 13MB (13840592bytes)
operation: 修改文件
path: C:\Windows\Intelx386\Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas co駉s mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe
processid: 100
processname: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
sha1: be2be37f63fdbbad99577543ca75583b44f51bef
sha256: 18a844abf236ad2315ee848591d6b6a0104ace563805257e7e78d7ac1ca6e5ab
size: 13840592
this_path: /data/cuckoo/storage/analyses/6000015/files/1062/Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas co駉s mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows

 Malicious

attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 15
process_id: 100
process_name: 1618605049605_7bf8eea0d77a966a5034769ddcae85f0.exe
rulename: 拷贝文件到系统目录