VirSCAN

1. You can UPLOAD any file type; maximum file size is 20 Mb.
2. VirSCAN supports Rar/Zip decompression, with a maximum of 20 files per Rar/Zip.
3. VirSCAN can scan Rar/Zip files that are protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, you can upload with VirSCAN.

Basic information

File name: 00疯狂的石头
File size: 322962
File type: application/x-dosexec
MD5: d94ff3937d129ec7f6dc06422e1c8b70
sha1: 5a89a67e6265e32f7d887b9a609c75742d8dfce4

 CreateProcess

ApplicationName:
CmdLine:
childid: 2256
childname: 1621251040404_d94ff3937d129ec7f6dc06422e1c8b70.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1621251040404_d94ff3937d129ec7f6dc06422e1c8b70.exe
drop_type:
name:
noNeedLine:
path:
pid: 2352

 Dropped Unsave

analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: 9dbdd4344f049b18af62d5932a9507dc
name: Counter-Strike(hack).exe
new_size: 317KB (325011bytes)
operation: modify file
path: C:\Windows\win32dc\Counter-Strike(hack).exe
processid: 2256
processname: 1621251040404_d94ff3937d129ec7f6dc06422e1c8b70.exe
sha1: aee4ace7472970839b049afc5d4f195cf5d02e9f
sha256: 9a6cf2a063d0a7a9d9261c3db6af0761f70efbdcca96e083a677d9851334a356
size: 325011
this_path: /data/cuckoo/storage/analyses/2000917/files/1000/Counter-Strike(hack).exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: a0db68c8df5a9248318a4618655122ed
name: Sims 2_patch.exe
new_size: 318KB (326035bytes)
operation: modify file
path: C:\Windows\win32dc\Sims 2_patch.exe
processid: 2256
processname: 1621251040404_d94ff3937d129ec7f6dc06422e1c8b70.exe
sha1: 0e45d1bcdf8b249598b1d7afe082ecdf6a220374
sha256: aa9db175056c3a56ae769b0186926189f1f79c4870ac3ddda594c7b3b668de08
size: 326035
this_path: /data/cuckoo/storage/analyses/2000917/files/1001/Sims 2_patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: e1805d750e3d6eb9a7678835ee91ee84
name: Counter-Strike patch.exe
new_size: 317KB (325011bytes)
operation: modify file
path: C:\Windows\win32dc\Counter-Strike patch.exe
processid: 2256
processname: 1621251040404_d94ff3937d129ec7f6dc06422e1c8b70.exe
sha1: beaaf8c31da3b2a8cc5fe5b9e9142bb738229b7b
sha256: 7cb73807efeae70224e2111bd0685174842de15bb82264570ec152c6b22e1aa2
size: 325011
this_path: /data/cuckoo/storage/analyses/2000917/files/1002/Counter-Strike patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: copy
md5: d94ff3937d129ec7f6dc06422e1c8b70
name: UT2004(crack).exe
new_size: 315KB (322962bytes)
operation: copy and overwrite file
path: C:\Windows\win32dc\UT2004(crack).exe
processid: 2256
processname: 1621251040404_d94ff3937d129ec7f6dc06422e1c8b70.exe
sha1: 5a89a67e6265e32f7d887b9a609c75742d8dfce4
sha256: 6478104766604431d4c86441989baf09aed62ee06a3abd7a790bbd6edbec6430
size: 322962
this_path: /data/cuckoo/storage/analyses/2000917/files/1003/UT2004(crack).exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: copy
md5: d94ff3937d129ec7f6dc06422e1c8b70
name: Quake3 + serial.exe
new_size: 315KB (322962bytes)
operation: copy and overwrite file
path: C:\Windows\win32dc\Quake3 + serial.exe
processid: 2256
processname: 1621251040404_d94ff3937d129ec7f6dc06422e1c8b70.exe
sha1: 5a89a67e6265e32f7d887b9a609c75742d8dfce4
sha256: 6478104766604431d4c86441989baf09aed62ee06a3abd7a790bbd6edbec6430
size: 322962
this_path: /data/cuckoo/storage/analyses/2000917/files/1004/Quake3 + serial.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: 8314f2204ec0f4ce7c1dd6b9a8ef41fa
name: DAoC_patch.exe
new_size: 316KB (323987bytes)
operation: modify file
path: C:\Windows\win32dc\DAoC_patch.exe
processid: 2256
processname: 1621251040404_d94ff3937d129ec7f6dc06422e1c8b70.exe
sha1: 2ae1aa0242d06f00faa9a6d8c4f171c8e90e5ffb
sha256: 5ccf5eff3d159819816ca5793d3487bc305bedbf758cfc57dce1995ff891d10b
size: 323987
this_path: /data/cuckoo/storage/analyses/2000917/files/1005/DAoC_patch.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: 38776c14358d9b4608beb3a5531ef882
name: BattleField 1942(crack).exe
new_size: 315KB (322963bytes)
operation: modify file
path: C:\Windows\win32dc\BattleField 1942(crack).exe
processid: 2256
processname: 1621251040404_d94ff3937d129ec7f6dc06422e1c8b70.exe
sha1: 6484d3ab0b1a105847285ffa90d8b1fe717f9bc2
sha256: f115ace6f6850a89d7f2a31c3f617f9f4e7e92b80274d4448c043d03571f8e69
size: 322963
this_path: /data/cuckoo/storage/analyses/2000917/files/1006/BattleField 1942(crack).exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: write
md5: 02921369aed49084f3d6dac54a969699
name: Doom 3(codes).exe
new_size: 317KB (325011bytes)
operation: modify file
path: C:\Windows\win32dc\Doom 3(codes).exe
processid: 2256
processname: 1621251040404_d94ff3937d129ec7f6dc06422e1c8b70.exe
sha1: 1c5e64125a2fc3e0f27f2f105f8506565457ff85
sha256: bd80ca0bce244680b159271fae0713d8f46a169a35b41d6c163d1358b5c2d5be
size: 325011
this_path: /data/cuckoo/storage/analyses/2000917/files/1007/Doom 3(codes).exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

analysis_result: Backdoor.Win32.Delf.ars
create: 0
how: copy
md5: d94ff3937d129ec7f6dc06422e1c8b70
name: UT2004(serial).exe
new_size: 315KB (322962bytes)
operation: copy and overwrite file
path: C:\Windows\win32dc\UT2004(serial).exe
processid: 2256
processname: 1621251040404_d94ff3937d129ec7f6dc06422e1c8b70.exe
sha1: 5a89a67e6265e32f7d887b9a609c75742d8dfce4
sha256: 6478104766604431d4c86441989baf09aed62ee06a3abd7a790bbd6edbec6430
size: 322962
this_path: /data/cuckoo/storage/analyses/2000917/files/1008/UT2004(serial).exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

 Malicious

attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files to a system directory in order to hide the malicious file
num: 9
process_id: 2256
process_name: 1621251040404_d94ff3937d129ec7f6dc06422e1c8b70.exe
rulename: Copy file to system directory