VirSCAN

1, You can UPLOAD any file type; maximum file size 20 MB.
2, VirSCAN supports Rar/Zip decompression, max. 20 files per Rar/Zip.
3, VirSCAN can scan Rar/Zip files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, you can use the VirSCAN uploader.

Basic information

File name: 00英雄联盟之绝世无双
File size: 713496
File type: application/x-dosexec
MD5: 545c9eb38a07afd9830826acabbe14fa
sha1: 56eaaeed76f2d35ba65134fd6757b693288851e4

 CreateProcess

ApplicationName:
CmdLine:
childid: 2436
childname: 1618995618291_545c9eb38a07afd9830826acabbe14fa.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618995618291_545c9eb38a07afd9830826acabbe14fa.exe
drop_type:
name:
noNeedLine:
path:
pid: 1956

 Summary

buffer: eBookNSHandler
processid: 2436
szSubkey: HKEY_CLASSES_ROOT\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\(Default)
buffer: C:\Users\Administrator\AppData\Local\Temp\1618995618291_545c9eb38a07afd9830826acabbe14fa.exe
processid: 2436
szSubkey: HKEY_CLASSES_ROOT\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\LocalServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\LocalServer32\(Default)
buffer: eBookNSHandler
processid: 2436
szSubkey: HKEY_CLASSES_ROOT\1618995618291_545c9eb38a07afd9830826acabbe14fa.eBookNSHandler
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\1618995618291_545c9eb38a07afd9830826acabbe14fa.eBookNSHandler\(Default)
buffer: {9C453F21-396D-11D5-9734-70E252C10127}
processid: 2436
szSubkey: HKEY_CLASSES_ROOT\1618995618291_545c9eb38a07afd9830826acabbe14fa.eBookNSHandler\Clsid
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\1618995618291_545c9eb38a07afd9830826acabbe14fa.eBookNSHandler\Clsid\(Default)
buffer: 1618995618291_545c9eb38a07afd9830826acabbe14fa.eBookNSHandler
processid: 2436
szSubkey: HKEY_CLASSES_ROOT\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\ProgID
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9C453F21-396D-11D5-9734-70E252C10127}\ProgID\(Default)
buffer: 0
processid: 2436
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: UNCAsIntranet
buffer: 1
processid: 2436
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: AutoDetect
buffer: 0
processid: 2436
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: UNCAsIntranet
buffer: 1
processid: 2436
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: AutoDetect
buffer:
processid: 2436
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
type: REG_SZ
valuename: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\(Default)

 Malicious

attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malicious program releases resources from its resource section into memory and decrypts them there.
num: 81
process_id: 2436
process_name: 1618995618291_545c9eb38a07afd9830826acabbe14fa.exe
rulename: Load resource into memory
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware modifies memory protection attributes in order to decrypt and execute malicious code in memory.
num: 113
process_id: 2436
process_name: 1618995618291_545c9eb38a07afd9830826acabbe14fa.exe
rulename: Change memory region to readable, writable and executable
attck_tactics: Other malicious behavior
level: 1
matchedinfo: Generally used for file encryption or encrypted data transfer; may also be used by ransomware.
num: 252
process_id: 2436
process_name: 1618995618291_545c9eb38a07afd9830826acabbe14fa.exe
rulename: Call cryptographic algorithm library
attck_tactics: Persistence
level: 1
matchedinfo: The malicious program writes to the registry in order to modify the user's proxy settings.
num: 596
process_id: 2436
process_name: 1618995618291_545c9eb38a07afd9830826acabbe14fa.exe
rulename: Modify browser proxy
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program calls key APIs to obtain the system user name, in order to collect user information.
num: 677
process_id: 2436
process_name: 1618995618291_545c9eb38a07afd9830826acabbe14fa.exe
rulename: Get current user name
attck_tactics: Defense evasion
level: 2
matchedinfo: Checks whether the mouse moves while the program is running; generally used by malware for sandbox evasion.
num: 4761
process_id: 2436
process_name: 1618995618291_545c9eb38a07afd9830826acabbe14fa.exe
rulename: Get current mouse position
attck_tactics: Persistence
level: 1
matchedinfo: The malicious program opens the Service Control Manager in order to control services.
num: 8195
process_id: 2436
process_name: 1618995618291_545c9eb38a07afd9830826acabbe14fa.exe
rulename: Open Service Control Manager
attck_tactics: Execution
level: 2
matchedinfo: The malicious program opens a thread in order to manipulate other threads.
num: 10555
process_id: 2436
process_name: 1618995618291_545c9eb38a07afd9830826acabbe14fa.exe
rulename: Open other threads