VirSCAN

1, You can UPLOAD any file, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.


Basic information

File name: 00人工少女
File size: 1385760
File type: application/x-dosexec
MD5: e5d252f9d8a0b623c019bb99fc768caf
sha1: bc6b746feab228e27efd20d87b498991af3b7974

 CreateProcess

ApplicationName: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
CmdLine: upx.exe -4 "C:\Users\Administrator\AppData\Roaming\winup.exe"
childid: 2360
childname: csc.exe
childpath: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
drop_type:
name: 1620563448127_e5d252f9d8a0b623c019bb99fc768caf.exe
noNeedLine: 1
path: C:\Users\Administrator\AppData\Local\Temp\1620563448127_e5d252f9d8a0b623c019bb99fc768caf.exe
pid: 2472
ApplicationName: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
CmdLine:
childid: 752
childname: csc.exe
childpath: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
drop_type:
name: 1620563448127_e5d252f9d8a0b623c019bb99fc768caf.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620563448127_e5d252f9d8a0b623c019bb99fc768caf.exe
pid: 2472
ApplicationName:
CmdLine:
childid: 2472
childname: 1620563448127_e5d252f9d8a0b623c019bb99fc768caf.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620563448127_e5d252f9d8a0b623c019bb99fc768caf.exe
drop_type:
name:
noNeedLine:
path:
pid: 1848

 Dropped_Save

analysis_result: Safe
create: 0
how: write
md5: dc0cf950c3222e2a4d87af26643790f4
name: .Identifier
new_size: 68bytes
operation: Modify file
path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\.Identifier
processid: 752
processname: csc.exe
sha1: 78c82cce5ac076d282f08f490ad8a6bb0b92e646
sha256: 5338cafc5af455bbfe5e178031545c952b2006f409250c9beea65a5a00b3e0da
size: 68
this_path: /data/cuckoo/storage/analyses/2000448/files/1001/.Identifier
type: data

 Dropped Unsave

analysis_result: HEUR:Trojan.Win32.NetWire.gen
create: 0
how: write
md5: 4c0105f599a57999bf70cb3147d358aa
name: winup.exe
new_size: 1354KB (1386784bytes)
operation: Modify file
path: C:\Users\Administrator\AppData\Roaming\winup.exe
processid: 2472
processname: 1620563448127_e5d252f9d8a0b623c019bb99fc768caf.exe
sha1: dc981629b9ac525245149fef6a28bbbbb692afa0
sha256: 7212f9fe25137ce90ae6842169b67a7a459ada0c68214e602bda55dc45ed14c9
size: 1386784
this_path: /data/cuckoo/storage/analyses/2000448/files/1000/winup.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

 Malicious

attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program drops a file from its resource section and runs it in order to hide malicious code.
num: 103
process_id: 2472
process_name: 1620563448127_e5d252f9d8a0b623c019bb99fc768caf.exe
rulename: Drop file from resource section and run it
attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malicious program loads a resource from its resource section into memory and decrypts it.
num: 103
process_id: 2472
process_name: 1620563448127_e5d252f9d8a0b623c019bb99fc768caf.exe
rulename: Load resource into memory
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware modifies memory protection in order to decrypt and execute malicious code in memory.
num: 135
process_id: 2472
process_name: 1620563448127_e5d252f9d8a0b623c019bb99fc768caf.exe
rulename: Change memory region to readable, writable and executable
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware modifies memory protection in order to decrypt and execute malicious code in memory.
num: 111
process_id: 2360
process_name: csc.exe
rulename: Change memory region to readable, writable and executable
attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerates files to locate specified target files.
num: 131
process_id: 2360
process_name: csc.exe
rulename: Enumerate files
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program collects the user's disk information in order to obtain sensitive information.
num: 26
process_id: 752
process_name: csc.exe
rulename: Collect disk information
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware modifies memory protection in order to decrypt and execute malicious code in memory.
num: 148
process_id: 752
process_name: csc.exe
rulename: Change memory region to readable, writable and executable
attck_tactics: Command and Control
level: 2
matchedinfo: The malicious program may establish a network connection on a non-standard port to exfiltrate data.
num: 181
process_id: 752
process_name: csc.exe
rulename: Connect to non-standard port
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malicious program creates a network connection in order to communicate over the network.
num: 181
process_id: 752
process_name: csc.exe
rulename: Create network socket connection