VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan archives protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader and upload with it.


Basic information

File name: 00spark
File size: 1172480 bytes
File type: application/x-dosexec
MD5: db46149d6fca3c65d4f43dfe45133536
sha1: f06503830f1d7dd5722397f8ec4035f1dceb83c0

 CreateProcess

ApplicationName:
CmdLine:
childid: 2360
childname: 1620471621782_db46149d6fca3c65d4f43dfe45133536.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620471621782_db46149d6fca3c65d4f43dfe45133536.exe
drop_type:
name:
noNeedLine:
path:
pid: 352

 Summary

buffer: 0
processid: 2360
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: UNCAsIntranet
buffer: 1
processid: 2360
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: AutoDetect
buffer: 0
processid: 2360
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: UNCAsIntranet
buffer: 1
processid: 2360
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: AutoDetect

 Malicious

attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerates files to locate specified target files
num: 22
process_id: 2360
process_name: 1620471621782_db46149d6fca3c65d4f43dfe45133536.exe
rulename: Enumerate files
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory page protection so that it can decrypt and execute malicious code in memory
num: 150
process_id: 2360
process_name: 1620471621782_db46149d6fca3c65d4f43dfe45133536.exe
rulename: Set memory region to read/write/execute
attck_tactics: Defense evasion
level: 3
matchedinfo: The malware modifies specific registry keys to perform image hijacking, replacing the original executable so that the malware is run in its place
num: 163
process_id: 2360
process_name: 1620471621782_db46149d6fca3c65d4f43dfe45133536.exe
rulename: Process hijacking
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: Typically used for file encryption or encrypted data transfer; may also be used by ransomware
num: 1243
process_id: 2360
process_name: 1620471621782_db46149d6fca3c65d4f43dfe45133536.exe
rulename: Call cryptographic library
attck_tactics: Other malicious behaviour
level: 2
matchedinfo: The malware extracts a resource from its resource section into memory and decrypts it there
num: 3800
process_id: 2360
process_name: 1620471621782_db46149d6fca3c65d4f43dfe45133536.exe
rulename: Load resource into memory
attck_tactics: Defense evasion
level: 2
matchedinfo: Checks whether the mouse moves while the program is running; commonly used by malware for sandbox evasion
num: 3993
process_id: 2360
process_name: 1620471621782_db46149d6fca3c65d4f43dfe45133536.exe
rulename: Get current cursor position
attck_tactics: Persistence
level: 1
matchedinfo: The malware writes to the registry to change the user's proxy settings
num: 6169
process_id: 2360
process_name: 1620471621782_db46149d6fca3c65d4f43dfe45133536.exe
rulename: Modify browser proxy
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malware calls key APIs to obtain the system user name in order to collect user information
num: 6282
process_id: 2360
process_name: 1620471621782_db46149d6fca3c65d4f43dfe45133536.exe
rulename: Get current user name
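The two flat blocks above (the registry writes under Summary and the rule matches under Malicious) are easier to triage once split back into records. The Python below is an added example, not VirSCAN's own code: it infers the record layout from the page (each field appears once per record, so a repeated field name marks the next record), embeds a constructed subset of this report as sample input, and uses English rule names that are this example's translations of the Chinese originals. Two caveats the report itself supports: the only registry writes listed under Summary are the ZoneMap values UNCAsIntranet=0 and AutoDetect=1, each written twice, which is what the "Modify browser proxy" rule is matching on, and those two values are commonly written by any process that initialises the WinINet/urlmon zone manager, so on their own they are weak evidence; and no image-hijacking registry key appears anywhere on this page, so the level-3 "Process hijacking" match cannot be checked against the data shown and should be confirmed in the full trace before it drives a verdict.

```python
"""Parse a VirSCAN-style flat sandbox report into records and triage it.

Added example, not VirSCAN's own code. The record layout is inferred from
the page: every block is a run of "key: value" lines and a field name
repeats exactly when a new record starts. The sample data below is
constructed from the report above; the English rule names are this
example's translations of the report's Chinese rule names.
"""
from collections import Counter

ZONEMAP = ("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion"
           "\\Internet Settings\\ZoneMap\\")


def _regwrite(valuename, data):
    """One registry-write record in the report's field order (constructed)."""
    return (f"buffer: {data}\nprocessid: 2360\nszSubkey: {ZONEMAP}\n"
            f"type: REG_DWORD\nvaluename: {valuename}\n")


# The "Summary" block of the report: the same two DWORD writes, twice.
SUMMARY_TEXT = "".join([_regwrite("UNCAsIntranet", 0),
                        _regwrite("AutoDetect", 1)] * 2)

# A subset of the "Malicious" block (matchedinfo/num fields omitted).
MALICIOUS_TEXT = """\
attck_tactics: Other malicious behaviour
level: 1
process_id: 2360
rulename: Set memory region to read/write/execute
attck_tactics: Defense evasion
level: 3
process_id: 2360
rulename: Process hijacking
attck_tactics: Other malicious behaviour
level: 1
process_id: 2360
rulename: Call cryptographic library
attck_tactics: Other malicious behaviour
level: 2
process_id: 2360
rulename: Load resource into memory
attck_tactics: Defense evasion
level: 2
process_id: 2360
rulename: Get current cursor position
"""


def parse_records(text):
    """Split a flat 'key: value' dump into a list of dicts.

    VirSCAN prints each field once per record, so a key that is already in
    the record being built marks the start of the next one. Values are
    split on the first colon only, so registry paths survive intact.
    """
    records, current = [], {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key in current:
            records.append(current)
            current = {}
        current[key] = value
    if current:
        records.append(current)
    return records


def summarize_registry(records):
    """Collapse repeated writes into (subkey, valuename, data) -> count."""
    return Counter((r["szSubkey"], r["valuename"], r["buffer"]) for r in records)


def triage_rules(records, min_level=2):
    """(rulename, level) pairs at or above min_level, highest severity first."""
    ranked = sorted(records, key=lambda r: int(r["level"]), reverse=True)
    return [(r["rulename"], int(r["level"])) for r in ranked
            if int(r["level"]) >= min_level]


# Three rules that, taken together, describe a packed payload being
# decrypted and run from memory; individually each is low severity.
UNPACK_CHAIN = {"Set memory region to read/write/execute",
                "Load resource into memory",
                "Call cryptographic library"}


def has_unpack_chain(records):
    """True when every rule in UNPACK_CHAIN fired for the sample."""
    return UNPACK_CHAIN <= {r["rulename"] for r in records}


if __name__ == "__main__":
    reg = parse_records(SUMMARY_TEXT)
    for (subkey, name, data), n in summarize_registry(reg).items():
        print(f"{n}x {subkey}{name} = {data}")
    rules = parse_records(MALICIOUS_TEXT)
    print("rules at level >= 2:", triage_rules(rules))
    print("in-memory unpack chain present:", has_unpack_chain(rules))
```

The severity filter and the unpack-chain check are deliberately separate: the level-3 hit is the one a reviewer looks at first, but it is the combination of three level-1/2 rules (RWX memory, resource loading, cryptographic calls) that tells the analyst the sample is self-decrypting a payload, which is the behaviour worth confirming in a debugger.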