VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


290d2267039a01322b590592cbf0c13c    Hybrid analysis report

Basic Information

file name: 290d2267039a01322b590592cbf0c13c
file size: 98304
file type: PE32 executable (GUI) Intel 80386, for MS Windows
Submission time: 2019-07-14 06:40:25
MD5: 290d2267039a01322b590592cbf0c13c
sha1: 188996bfb808374f09a6f5a087d47f4fc450d668
sha256: 16fdf499c06543dedab6f17279fdf1fabb29779f54cb1f4cc2e61fdb6961ed33
enviorment_description: Windows 7 32 bit (HWP Support)
threat_score: 60
threat_level: 2
verdict: malicious
total_processes: 1
total_signatures: 27
file_analysis: 2
mitre_attcks:
tactic: Execution
technique: Windows Management Instrumentation
attck_id: T1047
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1047
malicious_identifiers_count: 0
suspicious_identifiers_count: 2
informative_identifiers_count: 0
tactic: Execution
technique: Service Execution
attck_id: T1035
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1035
malicious_identifiers_count: 0
suspicious_identifiers_count: 2
informative_identifiers_count: 0
tactic: Persistence
technique: Hooking
attck_id: T1179
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1179
malicious_identifiers_count: 0
suspicious_identifiers_count: 1
informative_identifiers_count: 0
tactic: Persistence
technique: Kernel Modules and Extensions
attck_id: T1215
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1215
malicious_identifiers_count: 0
suspicious_identifiers_count: 1
informative_identifiers_count: 1
tactic: Privilege Escalation
technique: Hooking
attck_id: T1179
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1179
malicious_identifiers_count: 0
suspicious_identifiers_count: 1
informative_identifiers_count: 0
tactic: Credential Access
technique: Hooking
attck_id: T1179
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1179
malicious_identifiers_count: 0
suspicious_identifiers_count: 1
informative_identifiers_count: 0
tactic: Discovery
technique: Query Registry
attck_id: T1012
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1012
malicious_identifiers_count: 0
suspicious_identifiers_count: 3
informative_identifiers_count: 1
tactic: Discovery
technique: Process Discovery
attck_id: T1057
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1057
malicious_identifiers_count: 0
suspicious_identifiers_count: 1
informative_identifiers_count: 0
tactic: Discovery
technique: Peripheral Device Discovery
attck_id: T1120
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1120
malicious_identifiers_count: 0
suspicious_identifiers_count: 0
informative_identifiers_count: 1
tactic: Lateral Movement
technique: Remote Desktop Protocol
attck_id: T1076
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1076
malicious_identifiers_count: 0
suspicious_identifiers_count: 1
informative_identifiers_count: 0
tactic: Exfiltration
technique: Data Compressed
attck_id: T1002
attck_id_wiki: https://attack.mitre.org/wiki/Technique/T1002
malicious_identifiers_count: 0
suspicious_identifiers_count: 0
informative_identifiers_count: 1

Document analysis report

uuid: java:java.util.UUID
xmlns: http://www.misp-project.org/
Event
id: 599b814f-5c19-47c5-b60e-416fe1925936
date: 2019-05-13
info: Falcon Sandbox auto-generated for \"16fdf499c06543dedab6f17279fdf1fabb29779f54cb1f4cc2e61fdb6961ed33\"
analysis: 2
distribution: 1
published: 1
Attribute
category: External analysis
type: link
value: https://www.hybrid-analysis.com/search?query=16fdf499c06543dedab6f17279fdf1fabb29779f54cb1f4cc2e61fdb6961ed33
distribution: 1
category: External analysis
type: comment
value: Falcon Sandbox v8.30 Copyright 2019 Hybrid Analysis GmbH, All Rights Reserved, www.payload-security.com
distribution: 1
category: Payload delivery
type: filename|md5
value: 16fdf499c06543dedab6f17279fdf1fabb29779f54cb1f4cc2e61fdb6961ed33|290d2267039a01322b590592cbf0c13c
distribution: 1
category: Payload delivery
type: filename|sha1
value: 16fdf499c06543dedab6f17279fdf1fabb29779f54cb1f4cc2e61fdb6961ed33|188996bfb808374f09a6f5a087d47f4fc450d668
distribution: 1
category: Payload delivery
type: filename|sha256
value: 16fdf499c06543dedab6f17279fdf1fabb29779f54cb1f4cc2e61fdb6961ed33|16fdf499c06543dedab6f17279fdf1fabb29779f54cb1f4cc2e61fdb6961ed33
distribution: 1
category: Payload delivery
type: filename|sha512
value: 16fdf499c06543dedab6f17279fdf1fabb29779f54cb1f4cc2e61fdb6961ed33|cc17869703a6c875b507bf6bb4d7a11d4ee1ebdff8a0c2e7aa0483a89f03252904c596d92be75ccacc40ac025d9d8917d3ec9a7d4546e54bfca3c3816a5fafd4
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\LOCAL SETTINGS\MUICACHE\100\52C64B7E\LANGUAGELIST|65006E002D0055005300000065006E0000000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\LOCAL SETTINGS\MUICACHE\100\52C64B7E\@C:\WINDOWS\SYSTEM32\NETWORKEXPLORER.DLL,-1|4E006500740077006F0072006B000000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSE FOR FOLDER WIDTH|3E010000
distribution: 1
category: Persistence mechanism
type: regkey|value
value: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSE FOR FOLDER HEIGHT|20010000
distribution: 1