VirSCAN

1, You can UPLOAD any file, but there is a limit of 20 MB per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.

Basic information

File name: 00读心神探
File size: 40460
File type: application/x-dosexec
MD5: 4a222a2cf0a400861c2ed97ce8860cc9
sha1: 019d7097b65cfa12c99efa55faaf7028260ee83a

CreateProcess

ApplicationName: C:\Users\Administrator\AppData\Local\Temp\zbhnd.exe
CmdLine: "C:\Users\ADMINI~1\AppData\Local\Temp\zbhnd.exe"
childid: 2856
childname: zbhnd.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\zbhnd.exe
drop_type:
name: 1618997411076_4a222a2cf0a400861c2ed97ce8860cc9.exe
noNeedLine: 1
path: C:\Users\Administrator\AppData\Local\Temp\1618997411076_4a222a2cf0a400861c2ed97ce8860cc9.exe
pid: 2892
ApplicationName:
CmdLine:
childid: 2892
childname: 1618997411076_4a222a2cf0a400861c2ed97ce8860cc9.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618997411076_4a222a2cf0a400861c2ed97ce8860cc9.exe
drop_type:
name:
noNeedLine:
path:
pid: 1820

Behavior_analysis

message: Attempts to evade sandbox detection by sleeping for a long time
name: Long sleep
szSubkey:
score: 2

Malicious

attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program drops a file from its resource section and runs it in order to hide malicious code
num: 125
process_id: 2892
process_name: 1618997411076_4a222a2cf0a400861c2ed97ce8860cc9.exe
rulename: Drop file from resource section and run it
attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malicious program loads a resource from its resource section into memory and decrypts it
num: 125
process_id: 2892
process_name: 1618997411076_4a222a2cf0a400861c2ed97ce8860cc9.exe
rulename: Load resource into memory
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware modifies memory protection attributes in order to decrypt and execute malicious code in memory
num: 137
process_id: 2892
process_name: 1618997411076_4a222a2cf0a400861c2ed97ce8860cc9.exe
rulename: Set memory region to readable, writable and executable
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program creates a hidden process that runs covertly in the background
num: 223
process_id: 2892
process_name: 1618997411076_4a222a2cf0a400861c2ed97ce8860cc9.exe
rulename: Create hidden child process
attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malicious program loads a resource from its resource section into memory and decrypts it
num: 124
process_id: 2856
process_name: zbhnd.exe
rulename: Load resource into memory
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware modifies memory protection attributes in order to decrypt and execute malicious code in memory
num: 136
process_id: 2856
process_name: zbhnd.exe
rulename: Set memory region to readable, writable and executable