VirSCAN

1. You can UPLOAD any file of up to 20MB.
2. VirSCAN supports Rar/Zip decompression of up to 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload the file, please download the virscan file.

Basic information

File name: 00末日轮盘
File size: 480323
File type: application/x-dosexec
MD5: 11861a96911313b25a19f6c3cd318db0
sha1: 1034758e1a8c9d9053fb7e0a58564943077fc57b

 CreateProcess

ApplicationName:
CmdLine:
childid: 2848
childname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618848012838_11861a96911313b25a19f6c3cd318db0.exe
drop_type:
name:
noNeedLine:
path:
pid: 568

 Dropped Unsave

analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 76d65584d003082c15ab988417c5cd26
name: Borland Delphi 6 Full Downloader.exe
new_size: 469KB (480798bytes)
operation: modify file
path: C:\My Downloads\Borland Delphi 6 Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: bf1871ab748a8c06d4b98b85c9a00a9f297bb3b0
sha256: 2d1cd6b58fe3017b0e156215ff61501f2547b283511bb11aaacb480cdc1a41b2
size: 480798
this_path: /data/cuckoo/storage/analyses/4000189/files/1000/Borland Delphi 6 Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: be7842564ba5cf7a16aa33f082ff4cc4
name: Critical Point Manga game Key Generator.exe
new_size: 469KB (480795bytes)
operation: modify file
path: C:\My Downloads\Critical Point Manga game Key Generator.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 9136e57645bb1804ce195761144c00d467e4b2a6
sha256: a0cf794b055f26fad6796b6837a7dd37a133603f8113bebca8cf031637765428
size: 480795
this_path: /data/cuckoo/storage/analyses/4000189/files/1001/Critical Point Manga game Key Generator.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 0e7ebbb16d48ce979becfe06e01b98bf
name: MSN Password Hacker and Stealer Patch.exe
new_size: 469KB (480526bytes)
operation: modify file
path: C:\My Downloads\MSN Password Hacker and Stealer Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 73f76decaa2d6e9f5c7e0537429c2f2fd7f81ed3
sha256: 350e5c2c6df9c0164295963ddb88aefdb16dab943da9bcbd484c72b2cd7a607d
size: 480526
this_path: /data/cuckoo/storage/analyses/4000189/files/1002/MSN Password Hacker and Stealer Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 2b606993ab824cc1637a821b4679de74
name: Tomb Raider 3 Crack.exe
new_size: 469KB (480334bytes)
operation: modify file
path: C:\My Downloads\Tomb Raider 3 Crack.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: a4323b865e08abd28eb3b14bcf53a31782e1606f
sha256: 0cc5206b47c30347d91343955a4f6e32dde48f359467d625f76c6dda475600bc
size: 480334
this_path: /data/cuckoo/storage/analyses/4000189/files/1003/Tomb Raider 3 Crack.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 2b0a6ac091c757f035bf75fa44de9235
name: Black And White Crack.exe
new_size: 469KB (480574bytes)
operation: modify file
path: C:\My Downloads\Black And White Crack.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 6e3b865d8036d3e2fbb4b53d9b00346c5a63a0be
sha256: a54d0503ac48d99e35c0a174977f88fca49bdf12250dfb9f35a5602e3b00b080
size: 480574
this_path: /data/cuckoo/storage/analyses/4000189/files/1005/Black And White Crack.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 21224f4ce51c3eee645a797eea6fa800
name: Combat Flight Simulator 3 Patch.exe
new_size: 469KB (480669bytes)
operation: modify file
path: C:\My Downloads\Combat Flight Simulator 3 Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 1239a1b26b4fe499b28e28b50f91a69bbccfe34b
sha256: 5f48c5735038c28132481e42c36bc089145e3493dae8566440a0ac0042068e4b
size: 480669
this_path: /data/cuckoo/storage/analyses/4000189/files/1006/Combat Flight Simulator 3 Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: ca012cd04f79b391bcc0e7aeeb554120
name: Soldier Of Fortune 2 Key Generator.exe
new_size: 470KB (481311bytes)
operation: modify file
path: C:\My Downloads\Soldier Of Fortune 2 Key Generator.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: ca1badfc1d0df86255b4294cf75bb0fbe53b3dc0
sha256: 15431f07b4801221235dee9011f4603094c4aa4d9e7f96a848ca750c75e0cbe7
size: 481311
this_path: /data/cuckoo/storage/analyses/4000189/files/1007/Soldier Of Fortune 2 Key Generator.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 4db14376ac30dd0f40cbce42484dd435
name: Microsoft Office XP (English) Patch.exe
new_size: 469KB (480825bytes)
operation: modify file
path: C:\My Downloads\Microsoft Office XP (English) Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: d9bdfb2aa5d803c03bc7cc75fbbb1557de9d8f1d
sha256: 8dc5eaa38fd3106fcb37bdc836953ed37a75a03b36bb1efe36c32acd0c9d0900
size: 480825
this_path: /data/cuckoo/storage/analyses/4000189/files/1008/Microsoft Office XP (English) Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: dbc51a2fe4f1179b32b75325ff74bc5f
name: Half-life WON Key Generator.exe
new_size: 469KB (480345bytes)
operation: modify file
path: C:\My Downloads\Half-life WON Key Generator.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 6f7ccf577bfc595a91528863894ab9e1c05400ba
sha256: 24a6514adb43f6a422b9576b721c4aaa386e22bf4fffe52a2d6c12241ba00255
size: 480345
this_path: /data/cuckoo/storage/analyses/4000189/files/1009/Half-life WON Key Generator.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: edb52b2a555d21bb686f6ff1f29d4b5a
name: Tomb Raider 3 Patch.exe
new_size: 469KB (481226bytes)
operation: modify file
path: C:\My Downloads\Tomb Raider 3 Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 8c74030e1c36e5e71033ed91b818cfafcbab36e4
sha256: 26046ad05d035b4173581c07d1e7e444c498fecdc0fb2ebb00e7c1661fcd6fbd
size: 481226
this_path: /data/cuckoo/storage/analyses/4000189/files/1010/Tomb Raider 3 Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 4672a76406d53bc54ebdc08878709e3a
name: Xbox.info Crack.exe
new_size: 469KB (480868bytes)
operation: modify file
path: C:\My Downloads\Xbox.info Crack.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 6ec12b493f420f194e12f78dca7668ebf642a85d
sha256: c24af2019e69276d0c3b98db41ac29213ddaa26bc5226aa34543709c7f8b2d9e
size: 480868
this_path: /data/cuckoo/storage/analyses/4000189/files/1011/Xbox.info Crack.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 9404d97dafb9c1c1d26da1be33093c18
name: Nero Burning Rom 5.8.0.1 ISO - Full Downloader.exe
new_size: 469KB (480685bytes)
operation: modify file
path: C:\My Downloads\Nero Burning Rom 5.8.0.1 ISO - Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 3f6fd4e789143574c74d0f675a33b7f2d1096b62
sha256: 091288ca1e47159b0327734925ddcf5c58abdf35eda179dd2cec87a9295310f3
size: 480685
this_path: /data/cuckoo/storage/analyses/4000189/files/1012/Nero Burning Rom 5.8.0.1 ISO - Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 12ae18096cce07024aebc53fea198f20
name: Unreal Tournament 3 ISO - Full Downloader.exe
new_size: 469KB (481153bytes)
operation: modify file
path: C:\My Downloads\Unreal Tournament 3 ISO - Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 48f93100de14cb70546efb8c0dc4592f60801383
sha256: caf8b77b774665610392db3171a8a4274fae85d3e6488b8847bf536f70f200af
size: 481153
this_path: /data/cuckoo/storage/analyses/4000189/files/1013/Unreal Tournament 3 ISO - Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 66b8ac169ac4a5569f5f8ebfbfef17cc
name: Aliens versus Predator 2 Primal Hunt Full Downloader.exe
new_size: 469KB (480440bytes)
operation: modify file
path: C:\My Downloads\Aliens versus Predator 2 Primal Hunt Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 90d8e3b34149968c02fb7d75b51b27c6f90e2e3d
sha256: cf6ebfa872e80b986c55539d03e407217d8feca1ff2bc711482cb1ec1a5145a8
size: 480440
this_path: /data/cuckoo/storage/analyses/4000189/files/1014/Aliens versus Predator 2 Primal Hunt Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: b9c5d017e30167c4a91efe1f640b7f96
name: Battle.net Full Downloader.exe
new_size: 469KB (480996bytes)
operation: modify file
path: C:\My Downloads\Battle.net Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 28df42bdaf09bf766dd78e88ca0331991d471b87
sha256: 1f434cf9c9c3119143612097388609af9ad79aa2643fd78e2f1f164163107b20
size: 480996
this_path: /data/cuckoo/storage/analyses/4000189/files/1015/Battle.net Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 4405eff60f90730c5d03958c5faf47b6
name: Zidane-ScreenInstaler Key Generator.exe
new_size: 469KB (480615bytes)
operation: modify file
path: C:\My Downloads\Zidane-ScreenInstaler Key Generator.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: e4ff3e500c65fc96a090ac8e0b9088a2c7b55a0d
sha256: ac1c2c5b39c3897c1d363f57179f3fd252a8e1fbaf7ddf12b5f1b38a8588e025
size: 480615
this_path: /data/cuckoo/storage/analyses/4000189/files/1016/Zidane-ScreenInstaler Key Generator.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 05e7e4328a8f0daa45da53d15bb38391
name: Dweebs 2 Full Downloader.exe
new_size: 469KB (481196bytes)
operation: modify file
path: C:\My Downloads\Dweebs 2 Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 65dd8bee99ac816cb284a042a33baebef7ff9089
sha256: fcc513508ae3a733cd78d0f91d30ba83c7a2969a0d9e6a3d64aab38d21a73a97
size: 481196
this_path: /data/cuckoo/storage/analyses/4000189/files/1017/Dweebs 2 Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 0bac6780cc0060c7b83125012d7d11f3
name: Cabelas Ultimate Deer Hunt 2 Full Downloader.exe
new_size: 469KB (480414bytes)
operation: modify file
path: C:\My Downloads\Cabelas Ultimate Deer Hunt 2 Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 1a2daaa5f9eafb88625ff47d3d6ecd3b856f8a1b
sha256: 649cfc36989e9d72943b6a62418b7f5ca8e63430f06a9ca5a5d74ba92e309138
size: 480414
this_path: /data/cuckoo/storage/analyses/4000189/files/1018/Cabelas Ultimate Deer Hunt 2 Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: fd1887d3aa377736fe1537835ba88fd1
name: DSL Modem Uncapper Patch.exe
new_size: 469KB (480568bytes)
operation: modify file
path: C:\My Downloads\DSL Modem Uncapper Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 42ac189de84a0b73a9d634d38872533ff465b1c6
sha256: 097f075b5fcdb15f497159d1bb02a8287a2eb7fbce5f69fb8ce05f04b9ef6077
size: 480568
this_path: /data/cuckoo/storage/analyses/4000189/files/1019/DSL Modem Uncapper Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: af34802c6500d7fc1112673e1de0a1c2
name: Strike Fighter Project 1 Patch.exe
new_size: 469KB (480470bytes)
operation: modify file
path: C:\My Downloads\Strike Fighter Project 1 Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: ed29c22fc3d9d6ee103d5d671d67fb5ff302ccf3
sha256: ba3a10eb6d2e42603a58d495f61128105f4704ed9711b22342ec4b966687a9c2
size: 480470
this_path: /data/cuckoo/storage/analyses/4000189/files/1020/Strike Fighter Project 1 Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 5c6148c4448aaa5c653ea0e6ce6e5618
name: Necromania Trap Of Darkness Key Generator.exe
new_size: 469KB (480993bytes)
operation: modify file
path: C:\My Downloads\Necromania Trap Of Darkness Key Generator.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 548a36dc27045c6028e96c68d290b850d121b193
sha256: 85b31b88d7e620394984b5c18ec80fa7417d98c3972ba3ae53f697a61dbedfca
size: 480993
this_path: /data/cuckoo/storage/analyses/4000189/files/1021/Necromania Trap Of Darkness Key Generator.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 3af92d2460dfc6473b910bff15778b9a
name: Battle.net Key Generator.exe
new_size: 469KB (480668bytes)
operation: modify file
path: C:\My Downloads\Battle.net Key Generator.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: a25756f7c45ca3a950470bafc5c6cd38c3c2d1a4
sha256: 2241785e284b0e4650d52e7051b48e058cd7c10b33998ea0655dd22e1f6fe5fd
size: 480668
this_path: /data/cuckoo/storage/analyses/4000189/files/1022/Battle.net Key Generator.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: b8832b2149dcda74892cf6b1173e974a
name: SIMS Patch.exe
new_size: 469KB (480524bytes)
operation: modify file
path: C:\My Downloads\SIMS Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 4416bec1ddf34262162a9563a66e8287147fd30d
sha256: b80e6c6723318029f264e40a6d98136ce3abc5a51738cc6b4f84c00b2c70a27e
size: 480524
this_path: /data/cuckoo/storage/analyses/4000189/files/1023/SIMS Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 71173369562ab1c56d2eeafa47c2f88b
name: Need For Speed 5 Porsche Unleashed Full Downloader.exe
new_size: 469KB (480472bytes)
operation: modify file
path: C:\My Downloads\Need For Speed 5 Porsche Unleashed Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 0a2e66e4868e52b8ef704f7ad2aae429dc1fbbfa
sha256: ae1519a4786709c0a4d0afaa13ce2658639221024b299f811938cd48cd4ed469
size: 480472
this_path: /data/cuckoo/storage/analyses/4000189/files/1024/Need For Speed 5 Porsche Unleashed Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: ee1bb17b08f7f1913043dceae514867d
name: Winrar 3.2 Full Downloader.exe
new_size: 469KB (480978bytes)
operation: modify file
path: C:\My Downloads\Winrar 3.2 Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: ee765dda4bfde331e9557833688f2913dd2a3d20
sha256: 6ad2b3ba8f2890f0d188a3d2cc0013ad18976a2cac2e31a9feca4ae523693e83
size: 480978
this_path: /data/cuckoo/storage/analyses/4000189/files/1025/Winrar 3.2 Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 5483c392f705f7407b35ba37eabd6887
name: Norton Utilities 2002 XP Patch.exe
new_size: 469KB (480775bytes)
operation: modify file
path: C:\My Downloads\Norton Utilities 2002 XP Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: e97cacbda571f2f83aac946d6093a6bcc6b60acd
sha256: 9a5345843ce12a14a36a10f34f784e7fd1a169ab2a71ecefcd0906804fcaf755
size: 480775
this_path: /data/cuckoo/storage/analyses/4000189/files/1026/Norton Utilities 2002 XP Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 370ddc9bab35f8854c59e524c6459dbe
name: Warcraft 3 ONLINE Full Downloader.exe
new_size: 469KB (480536bytes)
operation: modify file
path: C:\My Downloads\Warcraft 3 ONLINE Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: e023c5ce2ce2984ad5f54c4dea4eb7fc3f356f3f
sha256: 33f27a8c7b5f520b0958c5bac5eb4212597b64759995177e6c39d8f7beae5da2
size: 480536
this_path: /data/cuckoo/storage/analyses/4000189/files/1027/Warcraft 3 ONLINE Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 10c25b6a8fa241a3857c94f6185fa3c3
name: Gearhead Garage Patch.exe
new_size: 469KB (480703bytes)
operation: modify file
path: C:\My Downloads\Gearhead Garage Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: abcf655ac6557aa06c789a34acf9ab51986b1598
sha256: 09ed557b6c385660a4b91ab1c1ca493b4cc890269114c6c7e5486f7521a6e8a5
size: 480703
this_path: /data/cuckoo/storage/analyses/4000189/files/1028/Gearhead Garage Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: d97caabba0d012e8dbdb2c53cd06dc7a
name: MS Train Simulator Key Generator.exe
new_size: 469KB (480930bytes)
operation: modify file
path: C:\My Downloads\MS Train Simulator Key Generator.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 0234af67416118ecde47b9aabd0c1d8cb89f1268
sha256: c405d67d19fef4620af0574334488083e6688fcc60c03d487e62c22556b40a80
size: 480930
this_path: /data/cuckoo/storage/analyses/4000189/files/1029/MS Train Simulator Key Generator.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 507ca4bb106fa3daafc22b42de281a39
name: Soldiers Of Anarchy Key Generator.exe
new_size: 469KB (481218bytes)
operation: modify file
path: C:\My Downloads\Soldiers Of Anarchy Key Generator.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 2a3ba46f8771eea023c6cd99f49e8a39e542d1e0
sha256: 7cd903754f520e632945bf553e6bae0e14f90f3f6478a33b60aea0f6a58a1ea0
size: 481218
this_path: /data/cuckoo/storage/analyses/4000189/files/1030/Soldiers Of Anarchy Key Generator.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: b5d27a31e53ca8ea1b54cebef42f3232
name: Necromania Trap Of Darkness Patch.exe
new_size: 469KB (480690bytes)
operation: modify file
path: C:\My Downloads\Necromania Trap Of Darkness Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 53802dce5b2ccc01c41e75a1df95c5c8ff54e11f
sha256: b203643f1227e3830cffef402999aab28a80d57610c8205ff27b750f7105c5c0
size: 480690
this_path: /data/cuckoo/storage/analyses/4000189/files/1031/Necromania Trap Of Darkness Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 5cd24f6f4a970b53dff7f2e01a2f7c5d
name: The Neverending Story Part I Patch.exe
new_size: 469KB (480709bytes)
operation: modify file
path: C:\My Downloads\The Neverending Story Part I Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 1ed79f9018aa7d61f0deeab179ab859f2ea1bd98
sha256: d794d35216e840fa348c9bc032867f74a4bd37cf2097a54e1011f5b1e1aadbd5
size: 480709
this_path: /data/cuckoo/storage/analyses/4000189/files/1032/The Neverending Story Part I Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 162015749bc4f98482008a8a8aa1b525
name: Warcraft 3 Patch.exe
new_size: 469KB (480919bytes)
operation: modify file
path: C:\My Downloads\Warcraft 3 Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 78bc403ebc0f9a688eeb1637711ada0bc535f0ae
sha256: 21b1f273aeaafa79b25099e1fc196c4a3892964026cdd8fd7cede5136e1e1535
size: 480919
this_path: /data/cuckoo/storage/analyses/4000189/files/1033/Warcraft 3 Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: b02f4daa7a527ac21d66b71568bb1a92
name: Duke Nukem Manhattan Project ISO - Full Downloader.exe
new_size: 469KB (480800bytes)
operation: modify file
path: C:\My Downloads\Duke Nukem Manhattan Project ISO - Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 27a821cddb4c1c75af1811b8c2f64f09ef416a09
sha256: 09890ba5b27366a8eb19d0e9a19d15b3a0fc4e5e659c2dd520dd3d4ffb531db3
size: 480800
this_path: /data/cuckoo/storage/analyses/4000189/files/1034/Duke Nukem Manhattan Project ISO - Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 7329c286ee72db0a670025faa4ae09c9
name: Grand Prix 4 Key Generator.exe
new_size: 469KB (480985bytes)
operation: modify file
path: C:\My Downloads\Grand Prix 4 Key Generator.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 9ce891c8b29dd352647a064827d32d0fbc5d33d0
sha256: fdd33ebfabad7b3afafc035f775e0858054ca7ba2970f1197ffd03e752092daf
size: 480985
this_path: /data/cuckoo/storage/analyses/4000189/files/1035/Grand Prix 4 Key Generator.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 1f67764e3d23a79f86455d98874ef516
name: Borland Delphi 6 Patch.exe
new_size: 469KB (481189bytes)
operation: modify file
path: C:\My Downloads\Borland Delphi 6 Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 73ff65b628c443e095570f0cf27149ca4443536a
sha256: 1145b27a52befc86930c3ac97d5872ef07387cfa17b965bd9df01a859a9a7fc1
size: 481189
this_path: /data/cuckoo/storage/analyses/4000189/files/1036/Borland Delphi 6 Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: ae4a8c7ac36d04c3e67e59a1cf9f16a7
name: Comanche 4 Key Generator.exe
new_size: 469KB (480688bytes)
operation: modify file
path: C:\My Downloads\Comanche 4 Key Generator.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 1e2fc089065cf048f256cdf31a98758ba1943cbf
sha256: d8ad8c5814269e83a663c697d57adee249542d640b6a4fbe98aaa3618b6acbf2
size: 480688
this_path: /data/cuckoo/storage/analyses/4000189/files/1037/Comanche 4 Key Generator.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: edb52b2a555d21bb686f6ff1f29d4b5a
name: Shakira Patch.exe
new_size: 469KB (481226bytes)
operation: modify file
path: C:\My Downloads\Shakira Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 8c74030e1c36e5e71033ed91b818cfafcbab36e4
sha256: 26046ad05d035b4173581c07d1e7e444c498fecdc0fb2ebb00e7c1661fcd6fbd
size: 481226
this_path: /data/cuckoo/storage/analyses/4000189/files/1038/Shakira Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: e90e267e22c5516e8f2430123fc23d28
name: The Sun Of All Fears Patch.exe
new_size: 469KB (480699bytes)
operation: modify file
path: C:\My Downloads\The Sun Of All Fears Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: a312601ce06597495a0074a0749d2bddd1e56ebe
sha256: 31b8e2a531c1506049e18730f931fe735deccdc04afebae25e8791ceb4126cc3
size: 480699
this_path: /data/cuckoo/storage/analyses/4000189/files/1039/The Sun Of All Fears Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 227304dd7ff2ee1ed08eb848eefcf809
name: Microsoft Office XP (English) Key Generator.exe
new_size: 469KB (481003bytes)
operation: modify file
path: C:\My Downloads\Microsoft Office XP (English) Key Generator.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: b980b60ca75e447c765d73b2a05be635c682750d
sha256: 98244178502ab812324abbd7bfb4e5dc24dfd16f604f00d8a71afc2dba226549
size: 481003
this_path: /data/cuckoo/storage/analyses/4000189/files/1040/Microsoft Office XP (English) Key Generator.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: d6349c8f072c4dc82e4d8d50441b4412
name: Windows XP SP1 Crack.exe
new_size: 469KB (480635bytes)
operation: modify file
path: C:\My Downloads\Windows XP SP1 Crack.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: c001fe5c17ebd517c590584b72de3e8d96b3eb26
sha256: cae3da5455ddceb90ae3b8815a2b2459beefcfbd922bc0263b89b09a8d103fcf
size: 480635
this_path: /data/cuckoo/storage/analyses/4000189/files/1041/Windows XP SP1 Crack.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 8f9ca0d54eb29dc731a410a6f1abc6fd
name: Strike Fighter Project 1 ISO - Full Downloader.exe
new_size: 469KB (480727bytes)
operation: modify file
path: C:\My Downloads\Strike Fighter Project 1 ISO - Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: e0fe43ee39f9ca2e20f36f7caffe391c657a8f19
sha256: 757693d4f2e0313eec0c90538c86404ebd7158edb913856661cb8e64303091f5
size: 480727
this_path: /data/cuckoo/storage/analyses/4000189/files/1042/Strike Fighter Project 1 ISO - Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 4df23e0e2eb77b83482c376c198bf077
name: Black And White Patch.exe
new_size: 469KB (480916bytes)
operation: modify file
path: C:\My Downloads\Black And White Patch.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 9f02286a377ff11f01463f7232be1aaa7678b475
sha256: de7404701f36c8489ae29f3922502130d19b6378d9520fa84aa25808b3dca1e9
size: 480916
this_path: /data/cuckoo/storage/analyses/4000189/files/1043/Black And White Patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: eae83400237912893e458c953356ecb1
name: Empire Earth Key Generator.exe
new_size: 469KB (480987bytes)
operation: modify file
path: C:\My Downloads\Empire Earth Key Generator.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 835333efabc6c11b18a41703577c4fb139edb084
sha256: 843ef55e7a585261db011312582f83a755fa18c32f9f9fcf1a2341503e895880
size: 480987
this_path: /data/cuckoo/storage/analyses/4000189/files/1044/Empire Earth Key Generator.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 48da6f01c351058d818018c33447ae97
name: The Thing Crack.exe
new_size: 469KB (480829bytes)
operation: modify file
path: C:\My Downloads\The Thing Crack.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 116604655dc5b4002a55bc18004823547802fea8
sha256: 36ede83edcb4abad7bef3e6687aadd3b6adfc443c8f55595bcb2822cadb026b8
size: 480829
this_path: /data/cuckoo/storage/analyses/4000189/files/1045/The Thing Crack.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 198f5fd8be1c12b2111c82ee5c247f23
name: Quake 3 Arena Full Downloader.exe
new_size: 469KB (480814bytes)
operation: modify file
path: C:\My Downloads\Quake 3 Arena Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: fd80448d5907a6a7a54196da5f0d381b3d57958f
sha256: 736f7d84ae9c4c9de3766b46d1da32ac5efccac0771b3aaa471d9da4f007d4ff
size: 480814
this_path: /data/cuckoo/storage/analyses/4000189/files/1046/Quake 3 Arena Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: ecb274979c4796fbdf1e1e6b00c2f4c6
name: MS Train Simulator Full Downloader.exe
new_size: 469KB (480753bytes)
operation: modify file
path: C:\My Downloads\MS Train Simulator Full Downloader.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 803342b1f457bef80567c580ab3c42c63df9be8b
sha256: 49a47f1c20feb241262c5e28857cab943d55b4179842e6c78394e4eb86f6c5f1
size: 480753
this_path: /data/cuckoo/storage/analyses/4000189/files/1047/MS Train Simulator Full Downloader.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 6f2f8d88ecc3ac6588e1ae9cda656d44
name: CloneCD Crack.exe
new_size: 470KB (481313bytes)
operation: modify file
path: C:\My Downloads\CloneCD Crack.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 7e782e69db9b309e41bfbee8c1b291fffaf10cef
sha256: b6c5baa7bfb1d66bccbcedf651d99dc50902453327774ee82faa9c9f5bb0e73b
size: 481313
this_path: /data/cuckoo/storage/analyses/4000189/files/1048/CloneCD Crack.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 98c5ad4a14d47fc759b7e0ec1c4207b5
name: Age of Sail 2 Key Generator.exe
new_size: 469KB (480726bytes)
operation: modify file
path: C:\My Downloads\Age of Sail 2 Key Generator.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: 84aa62a05980e047e3fa3b407d7b5a9a226e805c
sha256: eff8c5835c4ae3ebe691964ad456bebaec41135bb4053dc1486101ccd9638723
size: 480726
this_path: /data/cuckoo/storage/analyses/4000189/files/1049/Age of Sail 2 Key Generator.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
analysis_result: HEUR:Worm.Win32.Pluto.gen
create: 0
how: write
md5: 395a17ff74168cdfa69abbc47e10c363
name: Clive Barker’s Undying Crack.exe
new_size: 469KB (480409bytes)
operation: modify file
path: C:\My Downloads\Clive Barker’s Undying Crack.exe
processid: 2848
processname: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
sha1: c029a7a2ca15195fbec3c6a6e8e90b0fe5a7f522
sha256: 7a91320d3ea75a39b805e46cff244ea8efdaad1fed17487db392348156c0b9e7
size: 480409
this_path: /data/cuckoo/storage/analyses/4000189/files/1050/Clive Barker’s Undying Crack.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

 Malicious

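attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malicious program releases a resource from its resource section into memory and performs a decryption operation
num: 82
process_id: 2848
process_name: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
rulename: Load resource into memory
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware modifies memory attributes in order to decrypt and execute malicious code in memory
num: 127
process_id: 2848
process_name: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
rulename: Change memory address to readable, writable and executable
attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerates the processes on the system, which can be used to evade specific antivirus software, virtual machines, etc.
num: 580
process_id: 2848
process_name: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
rulename: Enumerate system processes
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by traversing files
num: 703
process_id: 2848
process_name: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
rulename: Enumerate files
attck_tactics: Defense evasion
level: 2
matchedinfo: Checks whether the mouse moves while the program is running. Commonly used by malware for sandbox evasion
num: 1365
process_id: 2848
process_name: 1618848012838_11861a96911313b25a19f6c3cd318db0.exe
rulename: Get current mouse position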