VirSCAN

1, You can UPLOAD any file type; maximum file size is 20 Mb.
2, VirSCAN supports Rar/Zip decompression, with a maximum of 20 files per Rar/Zip.
3, VirSCAN can scan Rar/Zip files that are protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, you can upload VirSCAN.

Basic information

File name: 00赘婿当道
File size: 770541
File type: application/x-dosexec
MD5: 510d0b757882f975b0e86c269c1bb790
sha1: c1b2f75e0df2f7413e5d1b158e1dbfd0c4085aeb

 CreateProcess

ApplicationName:
CmdLine:
childid: 1028
childname: 1618997404880_510d0b757882f975b0e86c269c1bb790.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618997404880_510d0b757882f975b0e86c269c1bb790.exe
drop_type:
name:
noNeedLine:
path:
pid: 604

 Malicious

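attck_tactics: Defense evasion
level: 2
matchedinfo: Checks whether the mouse is moving while the program runs. Commonly used by malware for sandbox evasion.
num: 158
process_id: 1028
process_name: 1618997404880_510d0b757882f975b0e86c269c1bb790.exe
rulename: Get current mouse position

attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malicious program releases resources from the resource section into memory and performs decryption.
num: 249
process_id: 1028
process_name: 1618997404880_510d0b757882f975b0e86c269c1bb790.exe
rulename: Load resource into memory

attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware modifies memory attributes in order to decrypt & execute malicious code in memory.
num: 364
process_id: 1028
process_name: 1618997404880_510d0b757882f975b0e86c269c1bb790.exe
rulename: Change memory address to readable, writable and executable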