VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload them.

Basic Information

file name: 00锦衣夜行
file size: 45345
file type: application/x-dosexec
MD5: bc1c750ae00f565462453063c57a603a
sha1: 8d321d0bb29927ac91a4f69b8270adafdbd1e1a3

 CreateProcess

ApplicationName:
CmdLine:
childid: 1440
childname: 1618819219350_bc1c750ae00f565462453063c57a603a.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618819219350_bc1c750ae00f565462453063c57a603a.exe
drop_type:
name:
noNeedLine:
path:
pid: 1648

 Dropped_Save

analysis_result: Safe
create: 0
how: write
md5: c36bb11e85925238fcf36f7dbc3c71b8
name: Wplugin.dll
new_size: 108KB (110592bytes)
operation: Modify file
path: C:\Users\Administrator\AppData\Roaming\Wplugin.dll
processid: 1440
processname: 1618819219350_bc1c750ae00f565462453063c57a603a.exe
sha1: 2b1bbc2f32cbec424f12142a4aaf1d3f9383f5f9
sha256: 7c98d2da7afa2bdee9765910c81cb588e14781b77538fb54df84f7e7039e4348
size: 110592
this_path: /data/cuckoo/storage/analyses/7000055/files/1000/Wplugin.dll
type: data

 Malicious

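attck_tactics: Defense Evasion
level: 2
matchedinfo: Checks whether the mouse moves while the program is running. Commonly used by malware for sandbox evasion.
num: 26
process_id: 1440
process_name: 1618819219350_bc1c750ae00f565462453063c57a603a.exe
rulename: Get current mouse position

attck_tactics: Other malicious behavior
level: 1
matchedinfo: When the current runtime environment does not meet its requirements (e.g. antivirus software is detected), the program exits on its own to evade detection. The malicious behavior may not have been fully triggered.
num: 80
process_id: 1440
process_name: 1618819219350_bc1c750ae00f565462453063c57a603a.exe
rulename: Terminate own process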