VirSCAN

1. You can UPLOAD any file, but there is a limit of 20 MB per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan a compressed file protected with the password 'infected' or 'virus'.
4. If your browser cannot upload the file, download the virscan uploader to upload it.

Basic information

File name: 00学校2015
File size: 560000
File type: application/x-dosexec
MD5: 83ec144581feb327ec213d85bf919dd0
sha1: 3c98cbd9ab09cb19b742ec63048bbf98811f791f

CreateProcess

ApplicationName:
CmdLine:
childid: 2524
childname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1621090812294_83ec144581feb327ec213d85bf919dd0.exe
drop_type:
name:
noNeedLine:
path:
pid: 2856

Summary

buffer: 0
processid: 2524
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1621090812294_83ec144581feb327ec213d85bf919dd0_RASAPI32
type: REG_DWORD
valuename: EnableFileTracing
buffer: 0
processid: 2524
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1621090812294_83ec144581feb327ec213d85bf919dd0_RASAPI32
type: REG_DWORD
valuename: EnableConsoleTracing
buffer: 4294901760
processid: 2524
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1621090812294_83ec144581feb327ec213d85bf919dd0_RASAPI32
type: REG_DWORD
valuename: FileTracingMask
buffer: 4294901760
processid: 2524
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1621090812294_83ec144581feb327ec213d85bf919dd0_RASAPI32
type: REG_DWORD
valuename: ConsoleTracingMask
buffer: 1048576
processid: 2524
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1621090812294_83ec144581feb327ec213d85bf919dd0_RASAPI32
type: REG_DWORD
valuename: MaxFileSize
buffer: %windir%\tracing\x00
processid: 2524
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1621090812294_83ec144581feb327ec213d85bf919dd0_RASAPI32
type: REG_EXPAND_SZ
valuename: FileDirectory
buffer: 0
processid: 2524
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1621090812294_83ec144581feb327ec213d85bf919dd0_RASMANCS
type: REG_DWORD
valuename: EnableFileTracing
buffer: 0
processid: 2524
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1621090812294_83ec144581feb327ec213d85bf919dd0_RASMANCS
type: REG_DWORD
valuename: EnableConsoleTracing
buffer: 4294901760
processid: 2524
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1621090812294_83ec144581feb327ec213d85bf919dd0_RASMANCS
type: REG_DWORD
valuename: FileTracingMask
buffer: 4294901760
processid: 2524
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1621090812294_83ec144581feb327ec213d85bf919dd0_RASMANCS
type: REG_DWORD
valuename: ConsoleTracingMask
buffer: 1048576
processid: 2524
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1621090812294_83ec144581feb327ec213d85bf919dd0_RASMANCS
type: REG_DWORD
valuename: MaxFileSize
buffer: %windir%\tracing\x00
processid: 2524
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1621090812294_83ec144581feb327ec213d85bf919dd0_RASMANCS
type: REG_EXPAND_SZ
valuename: FileDirectory
buffer: 0
processid: 2524
szSubkey: HKEY_USERS\S-1-5-21-3531488231-4160719598-983141384-500\Software\Microsoft\windows\CurrentVersion\Internet Settings
type: REG_DWORD
valuename: ProxyEnable
buffer: F\x00\x00\x00\x05\x01\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x90{\x81\xfe\xe9"\xd4\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\xc0\xa88\xc9\x00\x00\x00\x00\x00\x00\x00\x00+00\x9d\x19\x00/C:\\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00t\x001\x00\x00\x00\x00\x00hKGD\x11\x00Users\x00`\x00\x08\x00\x04\x00\xef\xbe\xee:\x85\x1ahKGD*\x00\x00\x00\xe6\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x006\x00\x00\x00\x00\x00U\x00s\x00e\x00r\x00s\x00\x00\x00@\x00s\x00h\x00e\x00l\x17\x00\x00\x00\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\xc4\x97z\x90\x8f\x9e\x8fu\x0b\x00\x00\x00\x00\x00\x00\x14\x00`\x001\x00\x00\x00\x00\x00pKZ/\x10\x00ADMINI~1\x00\x00H\x00\x08\x00\x04\x00\xef\xbehKGDpKZ
processid: 2524
szSubkey: HKEY_USERS\S-1-5-21-3531488231-4160719598-983141384-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
type: REG_BINARY
valuename: SavedLegacySettings
buffer: 1
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_DWORD
valuename: WpadDecisionReason
buffer: `\xbdQ\x8c\xbeI\xd7\x01
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_BINARY
valuename: WpadDecisionTime
buffer: 3
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_DWORD
valuename: WpadDecision
buffer: 网络 2
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_SZ
valuename: WpadNetworkName
buffer: 1
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_DWORD
valuename: WpadDecisionReason
buffer: `\xbdQ\x8c\xbeI\xd7\x01
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_BINARY
valuename: WpadDecisionTime
buffer: 3
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_DWORD
valuename: WpadDecision
buffer: F\x00\x00\x00\x0e\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00`w\x8eh\xbeI\xd7\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\xc0\xa88\xd0\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x11\x00\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00 \x00\x00\x00\x10\x00\x00\x01\x00\x00\x00\xea\x03\x00\x00 \x06\x02\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xa0\x1a\x0f\xe7\x8b\xab\xcf\x11\x8c\xa3\x00\x80_H\xa1\x92\x17\x00\x00\x00\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00((\xe2\x91dY\x8fP\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
processid: 2524
szSubkey: HKEY_USERS\S-1-5-21-3531488231-4160719598-983141384-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
type: REG_BINARY
valuename: DefaultConnectionSettings
buffer: {42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
type: REG_SZ
valuename: WpadLastNetwork
buffer: 0
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: UNCAsIntranet
buffer: 1
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: AutoDetect
buffer: 0
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: UNCAsIntranet
buffer: 1
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: AutoDetect
buffer: 1
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_DWORD
valuename: WpadDecisionReason
buffer: \x80\x07\xb7\x1b\xbfI\xd7\x01
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_BINARY
valuename: WpadDecisionTime
buffer: 0
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_DWORD
valuename: WpadDecision
buffer: 网络 2
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_SZ
valuename: WpadNetworkName
buffer: 1
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_DWORD
valuename: WpadDecisionReason
buffer: \x80\x07\xb7\x1b\xbfI\xd7\x01
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_BINARY
valuename: WpadDecisionTime
buffer: 0
processid: 2524
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_DWORD
valuename: WpadDecision

Behavior_analysis

message: The malware accesses multiple domains, for worm propagation or DDoS attacks
name: Accesses multiple domains
szSubkey:
score: 3
message: Attempts to evade sandbox detection by sleeping for a long time
name: Long sleep
szSubkey:
score: 2

Dropped_Save

analysis_result: Safe
create: 0
how: write
md5: d99b79ae9d7124f9a45fb35d6ddc3493
name: DLG5231.tmp
new_size: 25KB (25728bytes)
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG5231.tmp
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: 5cf8a701dcd0503d7a1a3d736bb70e9b1d5e0d9e
sha256: 6670fb9e498e961ce702ad7142cdf5529d646a2db9cfaa59a0f21557aceac481
size: 25728
this_path: /data/cuckoo/storage/analyses/7000451/files/1000/DLG5231.tmp
type: data
analysis_result: Safe
create: 0
how: write
md5: 69e4fb88f38472e651f3b4169879c47f
name: DLG-Product-Logo.png
new_size: 2599bytes
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\dlgres\DLG-Product-Logo.png
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: b5ac25ecf94344196f5cc3f8b0dd4b863fb73182
sha256: bd284633e72034f963ae0db7bbf7714cd735dcb51d905969f1d8b03b73952033
size: 2599
this_path: /data/cuckoo/storage/analyses/7000451/files/1001/DLG-Product-Logo.png
type: PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
analysis_result: Safe
create: 0
how: write
md5: bf4625507c1d35caabdb3e9d9ba584a0
name: style.css
new_size: 1519bytes
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\initWindow\css\style.css
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: a66e8e8db0043d182a45ce9546592ee0e1304781
sha256: 491accafcf5a3997fd2b8b6d3a91153773db8ca0df10b248a19ee51516c403a8
size: 1519
this_path: /data/cuckoo/storage/analyses/7000451/files/1002/style.css
type: assembler source, ASCII text, with CRLF line terminators
analysis_result: Safe
create: 0
how: write
md5: a0ee32dc4ffc79fdef2dc0467da538c5
name: noconnection.html
new_size: 2619bytes
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\initWindow\noconnection.html
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: 15d78592ac2c313a52d3c22783aae9bb4c787182
sha256: b4508b7dcc08b2b93cd64bee68bd5174fe48f48280e59f9a81d4861c3ef0431d
size: 2619
this_path: /data/cuckoo/storage/analyses/7000451/files/1003/noconnection.html
type: HTML document, UTF-8 Unicode text, with CRLF line terminators
analysis_result: Safe
create: 0
how: write
md5: 2c68017c4ea6ee541e285aaae8840ba9
name: progress.html
new_size: 1080bytes
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\initWindow\progress.html
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: f1255d0203df8e23af4a568c2de5e6762dd49d96
sha256: 6c926310dc1495ef47e07efd9b695f34c7d4f755fa011cd73455b5e4ed93898b
size: 1080
this_path: /data/cuckoo/storage/analyses/7000451/files/1004/progress.html
type: HTML document, ASCII text, with CRLF line terminators
analysis_result: Safe
create: 0
how: write
md5: 002ab0273d3f8f0575a09dc4392b1905
name: loadingImage.bmp
new_size: 1782KB (1825254bytes)
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\loadingImage\loadingImage.bmp
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: b96c8394bf6ae5fb3abe8b4c2a6d0fe3c3d31303
sha256: 57f3c81751562f8327a62e3381b93367755a2dddc18becc6fedefe6ca6554d63
size: 1825254
this_path: /data/cuckoo/storage/analyses/7000451/files/1005/loadingImage.bmp
type: PC bitmap, Windows 3.x format, 5850 x 78 x 32
analysis_result: Safe
create: 0
how: move
md5: 5adfb2b91b3bcf6961f2b68d172c9969
name: uifile.zip
new_size: 96KB (98679bytes)
operation: Copy and overwrite file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\uifile.zip
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: a2759aedcb20c12ae9ed1b39ee0e137064c97fe9
sha256: 4bfaa405b3450ee70527d1018ee23a58bf5e2526a0589b590751ace3b040c1e4
size: 98679
this_path: /data/cuckoo/storage/analyses/7000451/files/1006/uifile.zip
type: Zip archive data, at least v2.0 to extract
analysis_result: Safe
create: 0
how: write
md5: 1dba20bced03870623c25d5bebaf51d1
name: index.html
new_size: 3024bytes
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\index.html
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: d8fe09e9cf90a758d5955c8a6756bcb2dfdef0d1
sha256: 39f3b11a35c90eb369c4f8bd5acff1d1c4c9ea9c0ca93ce6eb032b2f371b7f76
size: 3024
this_path: /data/cuckoo/storage/analyses/7000451/files/1007/index.html
type: HTML document, ASCII text, with CRLF line terminators
analysis_result: Safe
create: 0
how: write
md5: f03e619f09f49dbcd4ec035eae355d6f
name: style.css
new_size: 2746bytes
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\css\style.css
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: d8f8ec242126010bb9422e28d2086b4173abfcf3
sha256: ce57610e5a5b2eeb9e2379e82f7ac5fc5f97640f42638b3fe3602c11d5ca7893
size: 2746
this_path: /data/cuckoo/storage/analyses/7000451/files/1008/style.css
type: assembler source, ASCII text, with CRLF line terminators
analysis_result: Safe
create: 0
how: write
md5: 1d044e7ccf127f8f68c5eaa98d80c856
name: img1.png
new_size: 52KB (54240bytes)
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\img\img1.png
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: a98a3a59764489784f0f7866413e85729bf90f10
sha256: 83976767c46c62486cfef6cf3f5cd3ce66960c1e8a8d263b89dbb04183947373
size: 54240
this_path: /data/cuckoo/storage/analyses/7000451/files/1009/img1.png
type: PNG image data, 164 x 314, 8-bit/color RGB, non-interlaced
analysis_result: Safe
create: 0
how: write
md5: e6ecc7ea173e1a11774b8d2ef33da497
name: progress-bar.png
new_size: 17KB (17879bytes)
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\img\progress-bar.png
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: 2498dfac57f97ec6e14a7b30ea984cd18a41d25d
sha256: 8cf5ba182438452512e370053cf92775c1c0e1e8424c1d046bcee17cc02502fe
size: 17879
this_path: /data/cuckoo/storage/analyses/7000451/files/1010/progress-bar.png
type: PNG image data, 417 x 21, 8-bit grayscale, non-interlaced
analysis_result: Safe
create: 0
how: write
md5: 4fee4a9ad49cc57c8e44b729b70f0f33
name: progress.png
new_size: 18KB (18751bytes)
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\img\progress.png
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: 293d7ee9b1b893150d38b00eeedce82170c46815
sha256: f7d41eb86d079b63da2fadf7bb705e51605aecb92385c275bbaaabb527226265
size: 18751
this_path: /data/cuckoo/storage/analyses/7000451/files/1011/progress.png
type: PNG image data, 417 x 21, 8-bit/color RGBA, non-interlaced
analysis_result: Safe
create: 0
how: write
md5: 11468602df014a21b203dc9bcd84d369
name: jquery-1.10.2.min.js
new_size: 90KB (93113bytes)
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\ui\offers\e7897d55b76a861e21cb37580d296be2\js\jquery-1.10.2.min.js
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: 2cf8733fe01e2d149140cb840595fa5d21769f93
sha256: 29c9e8752f25b17961e3c6ff72de34b1f1a157dfc5fabb68bd148b8ec9002b17
size: 93113
this_path: /data/cuckoo/storage/analyses/7000451/files/1012/jquery-1.10.2.min.js
type: ASCII text, with very long lines, with CRLF line terminators
analysis_result: Safe
create: 0
how: move
md5: d6a7a365a47553849b8fdeabd2387d04
name: base.zip
new_size: 33KB (34432bytes)
operation: Copy and overwrite file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\ui\common\base\base.zip
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: 7f447916b8ef495eabbe71235fab8301cc568e1f
sha256: 281ce553cf7c12e88b70dd51447085b8e368b1e71d4013cde5c48988370bb512
size: 34432
this_path: /data/cuckoo/storage/analyses/7000451/files/1013/base.zip
type: Zip archive data, at least v2.0 to extract
analysis_result: Safe
create: 0
how: write
md5: da5aa12ba0e76cffb9210183c7377c02
name: index.html
new_size: 2708bytes
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\ui\common\base\index.html
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: d58656610d2330261559ad96809fa27f42a37e0b
sha256: feccb50cca92146f0ae0f486bf9117b1555af8fbba89cbfd476eafd1ad0f964e
size: 2708
this_path: /data/cuckoo/storage/analyses/7000451/files/1014/index.html
type: HTML document, ASCII text, with CRLF line terminators
analysis_result: Safe
create: 0
how: write
md5: 55b60c71f628d3cba9577324d309a008
name: style.css
new_size: 1347bytes
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\ui\common\base\css\style.css
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: 84f0fc10891e0b5fe3c3fe48aa14a9df30aaa2b5
sha256: 3522b86aece48dc46097876a5ba113fb67e027b8cdb3aa4ed7dfc3f6718be0a0
size: 1347
this_path: /data/cuckoo/storage/analyses/7000451/files/1015/style.css
type: assembler source, ASCII text, with CRLF line terminators
analysis_result: Safe
create: 0
how: write
md5: 11468602df014a21b203dc9bcd84d369
name: jquery-1.10.2.min.js
new_size: 90KB (93113bytes)
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\ui\common\base\js\jquery-1.10.2.min.js
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: 2cf8733fe01e2d149140cb840595fa5d21769f93
sha256: 29c9e8752f25b17961e3c6ff72de34b1f1a157dfc5fabb68bd148b8ec9002b17
size: 93113
this_path: /data/cuckoo/storage/analyses/7000451/files/1016/jquery-1.10.2.min.js
type: ASCII text, with very long lines, with CRLF line terminators
analysis_result: Safe
create: 0
how: write
md5: 9d64409d45318c75c0ed77e690b60dd2
name: progress.zip.part
new_size: 134KB (137329bytes)
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\DLG\ui\common\progress\progress.zip.part
processid: 2524
processname: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
sha1: d09a1f06682bee142fd5d84994f37f31b6f03a87
sha256: 690e5744f0914688fd6b1455f73ee354ce4ceb4efe43e88af9a208c42f79ce28
size: 137329
this_path: /data/cuckoo/storage/analyses/7000451/files/1017/progress.zip.part
type: Zip archive data, at least v2.0 to extract

Malicious

attck_tactics: Other malicious behavior
level: 1
matchedinfo: Typically used for file encryption or encrypted data transfer; may also be used in ransomware
num: 383
process_id: 2524
process_name: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
rulename: Calls a cryptographic algorithm library
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware changes memory protection in order to decrypt and execute malicious code in memory
num: 438
process_id: 2524
process_name: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
rulename: Sets a memory region to readable, writable and executable
attck_tactics: Defense evasion
level: 2
matchedinfo: Rewrites data into a newly created process in order to evade antivirus detection
num: 723
process_id: 2524
process_name: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
rulename: Process data rewrite (via memory mapping)
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware creates a network connection in order to communicate over the network
num: 1178
process_id: 2524
process_name: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
rulename: Creates a network socket connection
attck_tactics: Command and control
level: 1
matchedinfo: The malware may connect over a non-standard port to steal data
num: 1193
process_id: 2524
process_name: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
rulename: Connects to the local address 127.0.0.1
attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerates files to locate specified target files
num: 1275
process_id: 2524
process_name: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
rulename: Enumerates files
attck_tactics: Persistence
level: 1
matchedinfo: The malware opens the Service Control Manager in order to control services
num: 1307
process_id: 2524
process_name: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
rulename: Opens the Service Control Manager
attck_tactics: Persistence
level: 1
matchedinfo: The malware writes to the registry in order to modify the user's proxy settings
num: 1478
process_id: 2524
process_name: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
rulename: Modifies the browser proxy
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malware calls key APIs to obtain the system user name in order to collect user information
num: 1486
process_id: 2524
process_name: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
rulename: Gets the current user name
attck_tactics: Execution
level: 2
matchedinfo: The malware opens a thread in order to manipulate other threads
num: 1549
process_id: 2524
process_name: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
rulename: Opens other threads
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malware retrieves the user's network adapter information in order to obtain sensitive information
num: 1800
process_id: 2524
process_name: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
rulename: Collects network adapter information
attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malware sends data using POST
num: 2466
process_id: 2524
process_name: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
rulename: Sends data via POST
attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malware requests (or sends) configuration files using GET
num: 2926
process_id: 2524
process_name: 1621090812294_83ec144581feb327ec213d85bf919dd0.exe
rulename: Requests data via GET