VirSCAN

1, You can UPLOAD any file type, max. file size 20 Mb.
2, VirSCAN supports Rar/Zip decompression, max. 20 files per Rar/Zip
3, VirSCAN can scan Rar/Zip files that are protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, you can upload VirSCAN.

Basic information

File name: XDBOX_0.exe
File size: 1230848
File type: application/x-dosexec
MD5: 1bd7381b35e1cd30aa2d790afc457b1b
sha1: f6571a7b8b13fd0405c3e78d51cd832607863078

 CreateProcess

ApplicationName:
CmdLine:
childid: 2808
childname: 1618995610912_1bd7381b35e1cd30aa2d790afc457b1b.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618995610912_1bd7381b35e1cd30aa2d790afc457b1b.exe
drop_type:
name:
noNeedLine:
path:
pid: 2104

 Malicious

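attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program obtains the user's disk information in order to acquire sensitive information
num: 152
process_id: 2808
process_name: 1618995610912_1bd7381b35e1cd30aa2d790afc457b1b.exe
rulename: Collect disk information

attck_tactics: Defense evasion
level: 2
matchedinfo: Checks whether the mouse moves while the program is running. Commonly used by malware for sandbox evasion
num: 581
process_id: 2808
process_name: 1618995610912_1bd7381b35e1cd30aa2d790afc457b1b.exe
rulename: Get current mouse position

attck_tactics: Basic information gathering
level: 1
matchedinfo: Enumerating the processes on the system can be used to evade specific antivirus products, virtual machines, etc.
num: 648
process_id: 2808
process_name: 1618995610912_1bd7381b35e1cd30aa2d790afc457b1b.exe
rulename: Enumerate system processes

attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by traversing files
num: 771
process_id: 2808
process_name: 1618995610912_1bd7381b35e1cd30aa2d790afc457b1b.exe
rulename: Enumerate files

attck_tactics: Defense evasion
level: 1
matchedinfo: By terminating other programs, the malicious program can evade monitoring and detection/removal, cause damage, etc.
num: 827
process_id: 2808
process_name: 1618995610912_1bd7381b35e1cd30aa2d790afc457b1b.exe
rulename: Terminate other processes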