VirSCAN

1, You can UPLOAD any file, but there is a limit of 20 MB per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan an archive protected with the password 'infected' or 'virus'.
4, If your browser cannot upload the file, download the virscan uploader and upload with it.

Basic information

File name: 00宋时归
File size: 420122
File type: application/x-dosexec
MD5: 937124f727d10bc301bcf43896081316
sha1: 2aba93d8c402e16e173382d10ba745463c588251

 CreateProcess

ApplicationName: C:\ProgramData\cafkp.exe
CmdLine:
childid: 2000
childname: cafkp.exe
childpath: C:\ProgramData\cafkp.exe
drop_type: 1
name: 1621090827431_937124f727d10bc301bcf43896081316.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1621090827431_937124f727d10bc301bcf43896081316.exe
pid: 1680

ApplicationName:
CmdLine:
childid: 1680
childname: 1621090827431_937124f727d10bc301bcf43896081316.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1621090827431_937124f727d10bc301bcf43896081316.exe
drop_type:
name:
noNeedLine:
path:
pid: 2352

 Summary

buffer: C:\ProgramData\cafkp.exe
processid: 2000
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft® Windows® Operating System
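The Summary block above records the only persistence the sandbox saw: cafkp.exe (pid 2000) writes a REG_SZ value into HKCU\...\Run whose name imitates a Microsoft product while its data points at a loose binary in C:\ProgramData. The following Python is an added triage helper, not code from VirSCAN or from the sample. REPORT_ENTRY is the value name and data exactly as recorded above; the benign entries, the directory prefixes and the vendor word list are constructed assumptions for a default Windows layout, so tune them to your fleet.

```python
# Heuristic triage of a Run-key autostart entry.
# Added example (not part of the VirSCAN report or of the sample). The
# REPORT_ENTRY tuple is the entry from the report's Summary block; the
# BENIGN_ENTRIES list and the path/vendor word lists are constructed
# assumptions for a default Windows layout.
import ntpath
import re

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Value name and REG_SZ data as recorded by the sandbox (\xae is the ® symbol).
REPORT_ENTRY = ("Microsoft\xae Windows\xae Operating System",
                r"C:\ProgramData\cafkp.exe")

# Constructed benign entries: a per-user app in the profile and a system tray helper.
BENIGN_ENTRIES = [
    ("OneDrive",
     r'"C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
]

# Assumptions: prefixes any user can write to, and prefixes installers normally use.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\$recycle.bin\\")
VENDOR_PATHS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Directories a dropper tends to write to directly, without a vendor subfolder.
DROP_DIRS = {"c:\\", "c:\\programdata", "c:\\users\\public"}
# Words in a value name that claim a well-known vendor (assumed list).
VENDOR_WORDS = ("microsoft", "windows", "intel", "nvidia", "adobe")


def exe_path(data: str) -> str:
    """Return the executable path from Run-key data, quoted or bare, arguments stripped."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:data.index('"', 1)]
    m = re.match(r"(.+?\.exe)(?:\s|$)", data, re.IGNORECASE)
    return m.group(1) if m else data


def assess_run_entry(value_name: str, data: str) -> list:
    """Return the list of reasons this entry looks like malware persistence."""
    path = exe_path(data).lower()
    reasons = []
    if path.startswith(USER_WRITABLE):
        reasons.append("binary lives in a user-writable directory")
    if ntpath.dirname(path) in DROP_DIRS:
        reasons.append("binary sits directly in a drop directory, no vendor subfolder")
    claims_vendor = any(w in value_name.lower() for w in VENDOR_WORDS)
    if claims_vendor and not path.startswith(VENDOR_PATHS):
        reasons.append("value name claims a vendor product but binary is outside vendor install paths")
    if any(ord(c) > 127 for c in value_name):
        reasons.append("value name contains non-ASCII symbols such as ®, unusual for installer-created entries")
    return reasons


def is_suspicious(value_name: str, data: str, threshold: int = 2) -> bool:
    """Require two independent reasons, so a legitimate per-user app in AppData is not flagged alone."""
    return len(assess_run_entry(value_name, data)) >= threshold


if __name__ == "__main__":
    for name, data in [REPORT_ENTRY] + BENIGN_ENTRIES:
        print(f"{RUN_KEY}\\{name!r}: suspicious={is_suspicious(name, data)}")
        for reason in assess_run_entry(name, data):
            print("   -", reason)
```

The threshold matters: a single reason such as "user-writable path" is normal for OneDrive, Teams and similar per-user software, so the helper only flags entries that stack several anomalies, as the report's entry does (all four fire).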

 Dropped (scanned clean)

analysis_result: Safe
create: 0
how: write
md5: aef10b9ba25f907727558514f2dfbab0
name: Mira.h
new_size: 150KB (154322bytes)
operation: modify file
path: C:\ProgramData\Saaaalamm\Mira.h
processid: 1680
processname: 1621090827431_937124f727d10bc301bcf43896081316.exe
sha1: d67383ef1b23d4da72339d66de9541c2e1efaf53
sha256: f5e77ddc706f6dffe056dc2f8a88adece36e0e4552bc70a85f36b1e01fe547ad
size: 154322
this_path: /data/cuckoo/storage/analyses/2000486/files/1001/Mira.h
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 7d2d1d3b96da7c78d69d0f592d3754e6
name: $Recycle.Bin .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\$Recycle.Bin .exe
processid: 2000
processname: cafkp.exe
sha1: 800926d65c11bb0f016cbe66c776966790eca177
sha256: 2ea42b4d59b2d3aabb237a7f282f1ac5d7144960aefc07315dc42660b6691ccd
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1002/$Recycle.Bin .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 5b0ad02fa776b8ff86de7724e36c450b
name: Documents and Settings .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\Documents and Settings .exe
processid: 2000
processname: cafkp.exe
sha1: f48c9a78dc2f91fca7da4474244278c6d3e8d561
sha256: 74e7cc47bfc410105f4472579475d98c37d0f0229e9b18e1d1ac44955cc67b2e
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1003/Documents and Settings .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 833f327f27e28f71eb6ba4e587a9279e
name: eWssJG .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\eWssJG .exe
processid: 2000
processname: cafkp.exe
sha1: f21bd72be25efa1477186db3d1daef52c81e9f3d
sha256: 104478ced70c256f0593e6930ea6adf6d2f8194ad22668d3a06d629f0473bd6a
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1004/eWssJG .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 9a6c636a66ef829a28844149b54094fa
name: FIEOHZSIXGU .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\FIEOHZSIXGU .exe
processid: 2000
processname: cafkp.exe
sha1: d294c989f8d7f01e93e67bd09818db2d243066ab
sha256: 20b23a4cbf1a0a9261b104ece80ef3374538dcc4ee77397fc49add6f79094495
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1005/FIEOHZSIXGU .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 8952adb4452d8cb89447986d06f3dcec
name: mnlsx .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\mnlsx .exe
processid: 2000
processname: cafkp.exe
sha1: 0e0ea7d606bedd5f7ca2134fd92bd1444cc66b72
sha256: 4c827abcbe6ccfb2a6a847fc3d854c94ee956cb4368bdcf3a8c77f36bcf2c624
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1006/mnlsx .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: a959923b5f6057a35620bff519e07c87
name: MSOCache .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\MSOCache .exe
processid: 2000
processname: cafkp.exe
sha1: 82749f595bfbeb7ae7e65bf2b74c302c8f9af814
sha256: 21e077b53883b16353b12a24c6613b3d6eb123e6af536239c1ef3ff2759635a5
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1007/MSOCache .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 4a3b04f3c05ce84d595e59e85372d993
name: pagefile.sys .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\pagefile.sys .exe
processid: 2000
processname: cafkp.exe
sha1: b584a0f6d04a4d5a3e362ecfb67bb1e8771b3c4e
sha256: 3757529dce27cf0a975d7ab86e2f69cc550eaf0198e6a8a2a574ca80920846b7
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1008/pagefile.sys .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 5c0cea8337c3751fcd06ed10c540f3a5
name: PerfLogs .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\PerfLogs .exe
processid: 2000
processname: cafkp.exe
sha1: b458824d1ba61765d0579203aa520d42afd791c6
sha256: 5bb5cffeeefb53a4d4226e2397c2b6ceaef52db76af9aaad0497560f3a2e80f0
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1009/PerfLogs .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: fd3273c3ad6c55058e076bc90b443be7
name: Program Files .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\Program Files .exe
processid: 2000
processname: cafkp.exe
sha1: 1a9c1ee983803b790d2ce8d302bb5a929f5e21f4
sha256: 6404e6bd75ef21feafdbea253ba258eacf4e32fa6178a450f943994896f295df
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1010/Program Files .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: b09ba055bf240b3b8132e101317821c7
name: Program Files (x86) .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\Program Files (x86) .exe
processid: 2000
processname: cafkp.exe
sha1: e79f05fa49dbdd6c666aac0931200ba00cc7f8e2
sha256: 7a987922b14664898ac4b329e954766be590113d263954db490c97687dfc2660
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1011/Program Files (x86) .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 4e69d71906ea9761fba54417100b44fe
name: ProgramData .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\ProgramData .exe
processid: 2000
processname: cafkp.exe
sha1: 13fa34d22b1a23f5f83127d7bc348f0271a29917
sha256: 024465b6d7494d7138784ea1f99091772b16d7f9b7308deeef4929b2de70ee9d
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1012/ProgramData .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 503949c78aede7e4bd2e52b5546082a3
name: Python27 .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\Python27 .exe
processid: 2000
processname: cafkp.exe
sha1: 0edb61331f0687a544c6f5a59213f122dd36b8b7
sha256: c952c292a46c2630316cc86178a77f680f1debba6a71ed22a665d7ea0a3442fb
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1013/Python27 .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 2432b9deaef20ae698408b7796e296fe
name: Recovery .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\Recovery .exe
processid: 2000
processname: cafkp.exe
sha1: b8d30b3bf04e09439210cd0c79d90dab2cc9bbb1
sha256: 384c8ac952d50aeaf53334d0fbcc09d744c6de4ffb48ac3a4845a2bdc25630b6
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1014/Recovery .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: df2905a1a72053fe2e6aa657bef4eb95
name: ryeifTITxK .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\ryeifTITxK .exe
processid: 2000
processname: cafkp.exe
sha1: 3bf85395201448153c3b941554620f329046923f
sha256: d47bf79ba9601ac28a448d1e367f87484e5d2145241285a8f9f9304270fdd8de
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1015/ryeifTITxK .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 66f00364cb715dacc2d6395affa2bb10
name: System Volume Information .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\System Volume Information .exe
processid: 2000
processname: cafkp.exe
sha1: f52b8fe860cd62a1bd8028e293cfaa6fef7a93c0
sha256: 894d53c971699bdcde52de7809ad481798fc732c421bb137d7ef263f2e6392cb
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1016/System Volume Information .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 9237a47ae4c193edb24158ca69f18e8c
name: Users .exe
new_size: 410KB (420124bytes)
operation: modify file
path: C:\Users .exe
processid: 2000
processname: cafkp.exe
sha1: a035e847824366cb2e77aff00b5a60b750a67c40
sha256: 7d9d33cc84da79e531a7ba5caa90f7f2f7fda89ba9ab496b57329df66ba1b4a2
size: 420124
this_path: /data/cuckoo/storage/analyses/2000486/files/1017/Users .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: b4ed41b7c2bffa18a31132e99c3e2ff7
name: Windows .exe
new_size: 199KB (204399bytes)
operation: modify file
path: C:\Windows .exe
processid: 2000
processname: cafkp.exe
sha1: 324f55f8a36a65f204575e94d2a301fd5a3fe3d0
sha256: 392a9409dbc94739701d0f531273065e7522a471eefceec855ab4832d7d6b41f
size: 204399
this_path: /data/cuckoo/storage/analyses/2000486/files/1018/Windows .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

 Dropped (flagged malicious)

analysis_result: Trojan.Win32.Agent.nezvfi
create: 0
how: write
md5: e1942847e1bed37dfe9c9deddfa67e25
name: cafkp.exe
new_size: 259KB (265790bytes)
operation: modify file
path: C:\ProgramData\cafkp.exe
processid: 1680
processname: 1621090827431_937124f727d10bc301bcf43896081316.exe
sha1: 57a20666add536ace8789dfe9f10c9a9abcc8ac4
sha256: eb4354cd987b0b6f51d4dbb9857446e8961fb817e45983d0b71381e41152247a
size: 265790
this_path: /data/cuckoo/storage/analyses/2000486/files/1000/cafkp.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
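Two things in the dropped-file records deserve a detection, and neither is a hash. First, cafkp.exe writes a copy to the root of C:\ for almost every existing root entry, named "<existing name> .exe" (a space before the extension; Explorer hides known extensions by default, so "Windows .exe" sits next to the real Windows folder looking like a duplicate of it), plus a few randomly named copies. Second, every copy at the 420124-byte size carries a different MD5 and SHA-1, so the files are not byte-identical and a hash blocklist built from one run will miss the next. The Python below is an added example, not VirSCAN's code: the DROPPED rows are (name, size, md5) copied from the records above, the DIRS and SYSTEM_FILES sets are an assumed listing of the sandbox image's C:\ root, and the BENIGN row is constructed so the heuristics have something to pass.

```python
# Detection of the root-directory "<name> .exe" masquerade seen in the report.
# Added example, not part of the VirSCAN report. DROPPED rows are (name, size,
# md5) copied from the report's Dropped sections; DIRS and SYSTEM_FILES are an
# assumed listing of the sandbox's C:\ root, and BENIGN is constructed.
import re
from collections import defaultdict
from typing import Optional

DIRS = {
    "$Recycle.Bin", "Documents and Settings", "MSOCache", "PerfLogs",
    "Program Files", "Program Files (x86)", "ProgramData", "Python27",
    "Recovery", "System Volume Information", "Users", "Windows",
}
SYSTEM_FILES = {"pagefile.sys"}  # assumption: present at the root of the image

DROPPED = [
    ("$Recycle.Bin .exe", 420124, "7d2d1d3b96da7c78d69d0f592d3754e6"),
    ("pagefile.sys .exe", 420124, "4a3b04f3c05ce84d595e59e85372d993"),
    ("Program Files .exe", 420124, "fd3273c3ad6c55058e076bc90b443be7"),
    ("Users .exe", 420124, "9237a47ae4c193edb24158ca69f18e8c"),
    ("eWssJG .exe", 420124, "833f327f27e28f71eb6ba4e587a9279e"),
    ("Windows .exe", 204399, "b4ed41b7c2bffa18a31132e101317821c7"),
]
BENIGN = [("setup.exe", 1048576, "0123456789abcdef0123456789abcdef")]  # constructed

# Whitespace immediately before the .exe extension is the visual trick:
# with extensions hidden, "Windows .exe" renders as "Windows".
SPACE_BEFORE_EXT = re.compile(r"\s+\.exe$", re.IGNORECASE)


def classify(name: str, siblings: set) -> Optional[str]:
    """'impersonation' when the stem is an existing sibling entry, 'space-before-ext'
    when only the spacing trick is present, None when the name is unremarkable."""
    m = SPACE_BEFORE_EXT.search(name)
    if not m:
        return None
    stem = name[:m.start()]
    return "impersonation" if stem in siblings else "space-before-ext"


def scan_root(files, dirs, system_files) -> dict:
    """Map each suspicious file name at the root to its verdict."""
    siblings = set(dirs) | set(system_files)
    findings = {}
    for name, _size, _md5 in files:
        verdict = classify(name, siblings)
        if verdict:
            findings[name] = verdict
    return findings


def hash_diversity(files) -> dict:
    """Distinct MD5s per file size; more than one means the copies differ byte for byte."""
    by_size = defaultdict(set)
    for _name, size, md5 in files:
        by_size[size].add(md5)
    return {size: len(md5s) for size, md5s in sorted(by_size.items())}


if __name__ == "__main__":
    for name, verdict in scan_root(DROPPED + BENIGN, DIRS, SYSTEM_FILES).items():
        print(f"{verdict:17} C:\\{name}")
    print("distinct MD5s per size:", hash_diversity(DROPPED))
```

On a live host the same two functions run over a real root listing (os.scandir of the system drive); the impersonation verdict is the high-confidence one, the space-before-extension verdict catches the randomly named copies such as eWssJG .exe and ryeifTITxK .exe, and the size/hash diversity check tells you whether a hash IoC is worth publishing at all.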

 Malicious

attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory page protection so that it can decrypt and execute malicious code in memory
num: 3
process_id: 1680
process_name: 1621090827431_937124f727d10bc301bcf43896081316.exe
rulename: Set memory region to readable, writable and executable
attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerates files to locate specified target files
num: 30
process_id: 1680
process_name: 1621090827431_937124f727d10bc301bcf43896081316.exe
rulename: File enumeration
attck_tactics: Defense evasion
level: 2
matchedinfo: Tampers with the "show hidden files" setting in order to hide files
num: 180
process_id: 1680
process_name: 1621090827431_937124f727d10bc301bcf43896081316.exe
rulename: Query hidden-file display setting
attck_tactics: Persistence
level: 2
matchedinfo: The malware modifies the registry so that it starts automatically with the system, to keep long-term control of the system or remain resident on it
num: 8
process_id: 2000
process_name: cafkp.exe
rulename: Write autostart registry key, add autostart entry (2)
attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerates files to locate specified target files
num: 18
process_id: 2000
process_name: cafkp.exe
rulename: File enumeration