VirSCAN

1, You can upload any file, but there is a limit of 20 MB per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.

Basic information

File name: 00百家姓
File size: 447421
File type: application/x-dosexec
MD5: c399fe03929f7bfc4a6d6f27025623f0
sha1: 52c29cc64d81416cf9ad5e98dcaba7b85faa8705

 CreateProcess

ApplicationName:
CmdLine: "C:\Users\ADMINI~1\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Administrator\AppData\Local\Temp\
childid: 2176
childname: Au_.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\~nsu.tmp\Au_.exe
drop_type: 1
name: 1620370812265_c399fe03929f7bfc4a6d6f27025623f0.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620370812265_c399fe03929f7bfc4a6d6f27025623f0.exe
pid: 3048
ApplicationName:
CmdLine:
childid: 3048
childname: 1620370812265_c399fe03929f7bfc4a6d6f27025623f0.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620370812265_c399fe03929f7bfc4a6d6f27025623f0.exe
drop_type:
name:
noNeedLine:
path:
pid: 3000

 Dropped_Save

analysis_result: Safe
create: 0
how: del
md5: 0a3926c2dac583e4541204d9f67a1c54
name: modern-header.bmp
new_size: 25KB (25818bytes)
operation: File deleted after being dropped
path: C:\Users\Administrator\AppData\Local\Temp\nsj2E7E.tmp\modern-header.bmp
processid: 2176
processname: Au_.exe
sha1: e099046d1a6afd7a09921aef72d7777d61b45053
sha256: 040bafa4b128e03578707ed5374ec3ba0a9b164b72a300df67c29e5b94324edf
size: 25818
this_path: /data/cuckoo/storage/analyses/1000189/files/4402185815/modern-header.bmp
type: PC bitmap, Windows 3.x format, 150 x 57 x 24
analysis_result: Safe
create: 0
how: del
md5: 96401d337e55141e9e6f01535e6641d2
name: modern-wizard.bmp
new_size: 48KB (49206bytes)
operation: File deleted after being dropped
path: C:\Users\Administrator\AppData\Local\Temp\nsj2E7E.tmp\modern-wizard.bmp
processid: 2176
processname: Au_.exe
sha1: 20378566cd11ce6f5ac308f6520722ac95a6f775
sha256: 90ed6657d85284e6551546c0c966ec9a3954cb94e6bc01e67c112cb9490b9f25
size: 49206
this_path: /data/cuckoo/storage/analyses/1000189/files/7151736645/modern-wizard.bmp
type: PC bitmap, Windows 3.x format, 128 x 128 x 24
analysis_result: Safe
create: 0
how: del
md5: 52cc85d86576e5419350779beff6b550
name: nsDialogs.dll
new_size: 9728bytes
operation: File deleted after being dropped
path: C:\Users\Administrator\AppData\Local\Temp\nsj2E7E.tmp\nsDialogs.dll
processid: 2176
processname: Au_.exe
sha1: ea6a27597b0480fb452551099cf62a2f8a67c9f2
sha256: c3e12cf2abd11e18c9d4302c5e655bff2e5efda03158c50a91ceea56a656aed5
size: 9728
this_path: /data/cuckoo/storage/analyses/1000189/files/4651352989/nsDialogs.dll
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
analysis_result: Safe
create: 0
how: del
md5: 7399323923e3946fe9140132ac388132
name: System.dll
new_size: 11KB (11264bytes)
operation: File deleted after being dropped
path: C:\Users\Administrator\AppData\Local\Temp\nsj2E7E.tmp\System.dll
processid: 2176
processname: Au_.exe
sha1: 728257d06c452449b1241769b459f091aabcffc5
sha256: 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
size: 11264
this_path: /data/cuckoo/storage/analyses/1000189/files/5981820653/System.dll
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

 Dropped Unsave

analysis_result: Trojan-Clicker.Win32.Agent.abis
create: 0
how: del
md5: c399fe03929f7bfc4a6d6f27025623f0
name: Au_.exe
new_size: 436KB (447421bytes)
operation: File deleted after being dropped
path: C:\Users\Administrator\AppData\Local\Temp\~nsu.tmp\Au_.exe
processid: 3048
processname: 1620370812265_c399fe03929f7bfc4a6d6f27025623f0.exe
sha1: 52c29cc64d81416cf9ad5e98dcaba7b85faa8705
sha256: f06644304c81bbfba39bd73307c34f9a463adf9e2bca7176b283531d6be00a0b
size: 447421
this_path: /data/cuckoo/storage/analyses/1000189/files/2290234274/Au_.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows

 Malicious

attck_tactics: Defense Evasion
level: 2
matchedinfo: Modifies the show-hidden-files setting in order to hide files
num: 168
process_id: 3048
process_name: 1620370812265_c399fe03929f7bfc4a6d6f27025623f0.exe
rulename: Get hidden-file setting
attck_tactics: Defense Evasion
level: 1
matchedinfo: The malicious program deletes itself in order to hide the malicious file
num: 4533
process_id: 3048
process_name: 1620370812265_c399fe03929f7bfc4a6d6f27025623f0.exe
rulename: Self-deletion
attck_tactics: Defense Evasion
level: 2
matchedinfo: Modifies the show-hidden-files setting in order to hide files
num: 168
process_id: 2176
process_name: Au_.exe
rulename: Get hidden-file setting
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by traversing files
num: 4504
process_id: 2176
process_name: Au_.exe
rulename: File traversal