VirSCAN

1, You can UPLOAD any file type; maximum file size is 20 MB.
2, VirSCAN supports Rar/Zip decompression, with a maximum of 20 files per Rar/Zip.
3, VirSCAN can scan Rar/Zip files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, you can upload with VirSCAN.

Basic information

File name: 00生化危机
File size: 420132
File type: application/x-dosexec
MD5: d9694efce37b69451274a7d034685d1b
sha1: 4688717bfb5667cd8d42674c93351ebec17867f3

 CreateProcess

ApplicationName: C:\ProgramData\rffxls.exe
CmdLine:
childid: 2364
childname: rffxls.exe
childpath: C:\ProgramData\rffxls.exe
drop_type:
name: 1621251053497_d9694efce37b69451274a7d034685d1b.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1621251053497_d9694efce37b69451274a7d034685d1b.exe
pid: 2488

ApplicationName:
CmdLine:
childid: 2488
childname: 1621251053497_d9694efce37b69451274a7d034685d1b.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1621251053497_d9694efce37b69451274a7d034685d1b.exe
drop_type:
name:
noNeedLine:
path:
pid: 2560

 Summary

buffer: C:\ProgramData\rffxls.exe
processid: 2364
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft\xae Windows\xae Operating System

 Malicious

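attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware modifies memory attributes in order to decrypt and execute malicious code in memory
num: 3
process_id: 2488
process_name: 1621251053497_d9694efce37b69451274a7d034685d1b.exe
rulename: Change memory address to readable, writable and executable

attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by traversing files
num: 30
process_id: 2488
process_name: 1621251053497_d9694efce37b69451274a7d034685d1b.exe
rulename: Traverse files

attck_tactics: Defense evasion
level: 2
matchedinfo: Hides files by modifying the show-hidden-files setting
num: 180
process_id: 2488
process_name: 1621251053497_d9694efce37b69451274a7d034685d1b.exe
rulename: Get hidden-file setting

attck_tactics: Persistence
level: 2
matchedinfo: The malicious program modifies the registry to start automatically with the system, in order to maintain long-term control of or residence on the system
num: 8
process_id: 2364
process_name: rffxls.exe
rulename: Write autostart registry entry, add autostart 2

attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by traversing files
num: 18
process_id: 2364
process_name: rffxls.exe
rulename: Traverse files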