VirSCAN

1, You can UPLOAD any file type, maximum file size 20 MB.
2, VirSCAN supports Rar/Zip decompression, max. 20 files per Rar/Zip.
3, VirSCAN can scan Rar/Zip files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, you can upload using VirSCAN.


Basic information

File name: 00特搜战队刑事连者
File size: 1469952
File type: application/x-dosexec
MD5: ea48a015894a66563b04659c80a18845
sha1: dba983f4da7e06b321aa2a8dbea4c737c78b5660

CreateProcess

ApplicationName: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
CmdLine: upx.exe -2 "C:\Users\Administrator\AppData\Roaming\winup.exe"
childid: 1696
childname: csc.exe
childpath: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
drop_type:
name: 1620610212036_ea48a015894a66563b04659c80a18845.exe
noNeedLine: 1
path: C:\Users\Administrator\AppData\Local\Temp\1620610212036_ea48a015894a66563b04659c80a18845.exe
pid: 1916

ApplicationName: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
CmdLine:
childid: 840
childname: csc.exe
childpath: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
drop_type:
name: 1620610212036_ea48a015894a66563b04659c80a18845.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620610212036_ea48a015894a66563b04659c80a18845.exe
pid: 1916

ApplicationName:
CmdLine:
childid: 1916
childname: 1620610212036_ea48a015894a66563b04659c80a18845.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620610212036_ea48a015894a66563b04659c80a18845.exe
drop_type:
name:
noNeedLine:
path:
pid: 1668

Dropped_Save

analysis_result: safe
create: 0
how: write
md5: d020a349c781a95fa9aa2ea3c1b53cbc
name: .Identifier
new_size: 68bytes
operation: modify file
path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\.Identifier
processid: 840
processname: csc.exe
sha1: 6d27afe8d6d35fe0773da3378cf217f3efe26442
sha256: e5a857c0b2e4146d821694e20d3a2a989be43a3cdbf1e2d795d1e776eb6950e5
size: 68
this_path: /data/cuckoo/storage/analyses/5000507/files/1000/.Identifier
type: data

Malicious

attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program drops a file from its resource section and runs it, in order to hide malicious code.
num: 103
process_id: 1916
process_name: 1620610212036_ea48a015894a66563b04659c80a18845.exe
rulename: Drop file from resource section and run it

attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malicious program loads a resource from its resource section into memory and decrypts it.
num: 103
process_id: 1916
process_name: 1620610212036_ea48a015894a66563b04659c80a18845.exe
rulename: Load resource into memory

attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware changes memory page protection in order to decrypt and execute malicious code in memory.
num: 135
process_id: 1916
process_name: 1620610212036_ea48a015894a66563b04659c80a18845.exe
rulename: Change memory region to readable, writable and executable

attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware changes memory page protection in order to decrypt and execute malicious code in memory.
num: 111
process_id: 1696
process_name: csc.exe
rulename: Change memory region to readable, writable and executable

attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerates files to locate specified target files.
num: 131
process_id: 1696
process_name: csc.exe
rulename: Enumerate files

attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program retrieves the user's disk information in order to obtain sensitive information.
num: 26
process_id: 840
process_name: csc.exe
rulename: Collect disk information

attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware changes memory page protection in order to decrypt and execute malicious code in memory.
num: 148
process_id: 840
process_name: csc.exe
rulename: Change memory region to readable, writable and executable

attck_tactics: Command and Control
level: 2
matchedinfo: The malicious program may connect over a non-standard port to exfiltrate data.
num: 181
process_id: 840
process_name: csc.exe
rulename: Connect to non-standard port

attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malicious program creates a network connection in order to communicate over the network.
num: 181
process_id: 840
process_name: csc.exe
rulename: Create network socket connection