VirSCAN

1. You can UPLOAD any file type, maximum file size 20 MB.
2. VirSCAN supports Rar/Zip decompression, maximum 20 files per Rar/Zip.
3. VirSCAN can scan Rar/Zip files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, you can upload via VirSCAN.


Basic information

File name: 司法速算器 V11.7 Beta.exe
File size: 1097728
File type: application/x-dosexec
MD5: c32b63a411fe800ae383e1c5226155c0
sha1: 852516234f9737aaf8430ecfbdc4f112cff2f400

 CreateProcess

ApplicationName:
CmdLine:
childid: 160
childname: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
drop_type:
name:
noNeedLine:
path:
pid: 2104

 Summary

buffer: g1\xd0\xdd\xa0\xac5\xf3\xd2\xf9X\xdeo\x90
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Enigma Protector\7E93392359B48E73-658DBB721F9AD036\526EA5DD0BAD34B6-73BE899C207D6F69
type: REG_BINARY
valuename: 63AB94B2
buffer: \xe8\x81E\xfc\xedy\xe3\xfd\xc7\xf9D3,D\xbe\xf7\x01'\x8c\xe2\xde:\x8b=\xc8L\x84\x98\xf8\xabeQ\x88H\x8f\xaa\x87\x8f\x92iU\x1dU\xbe\x98\xf9\xec&V\x85(#s\xc3\x0b\x9b\xb8\xf4F}\x881\xb2\xa3\xf9\x0bq\xe9\xbd\xbcv\xf5\xc8\xa1w\xf1\xeay\xef\xa5B\x94\x8a\xcd\x81\x07\xadW\xa9\x9a\xa6\x10\x7f\xf6\x0c,hhW\xa5\xc0?m\xa2=*\xfb!$\x9f\x0ed
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Enigma Protector\7E93392359B48E73-658DBB721F9AD036
type: REG_BINARY
valuename: Options
buffer: 0
processid: 160
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618997436427_c32b63a411fe800ae383e1c5226155c0_RASMANCS
type: REG_DWORD
valuename: EnableFileTracing
buffer: 0
processid: 160
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618997436427_c32b63a411fe800ae383e1c5226155c0_RASMANCS
type: REG_DWORD
valuename: EnableConsoleTracing
buffer: 4294901760
processid: 160
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618997436427_c32b63a411fe800ae383e1c5226155c0_RASMANCS
type: REG_DWORD
valuename: FileTracingMask
buffer: 4294901760
processid: 160
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618997436427_c32b63a411fe800ae383e1c5226155c0_RASMANCS
type: REG_DWORD
valuename: ConsoleTracingMask
buffer: 1048576
processid: 160
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618997436427_c32b63a411fe800ae383e1c5226155c0_RASMANCS
type: REG_DWORD
valuename: MaxFileSize
buffer: %windir%\tracing\x00
processid: 160
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\1618997436427_c32b63a411fe800ae383e1c5226155c0_RASMANCS
type: REG_EXPAND_SZ
valuename: FileDirectory
buffer: 1
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_DWORD
valuename: WpadDecisionReason
buffer: \xd0\xab,V\xce6\xd7\x01
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_BINARY
valuename: WpadDecisionTime
buffer: 3
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_DWORD
valuename: WpadDecision
buffer: 网络 2
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_SZ
valuename: WpadNetworkName
buffer: 1
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_DWORD
valuename: WpadDecisionReason
buffer: \xd0\xab,V\xce6\xd7\x01
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_BINARY
valuename: WpadDecisionTime
buffer: 3
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_DWORD
valuename: WpadDecision
buffer: F\x00\x00\x00\x0e\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xd0ei2\xce6\xd7\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\xc0\xa88\xc9\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x11\x00\x00\x00\x1c\x00\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00 \x00\x00\x00\x10\x00\x00\x01\x00\x00\x00\xed\x03\x00\x00 \x06\x02\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xc0\xb0\xea\xf9\xd4&\xd0\x11\xbb\xbf\x00\xaa\x00l4\xe4\x17\x00\x00\x00\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00=\x92\xb2N\x9ehT7\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
processid: 160
szSubkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
type: REG_BINARY
valuename: DefaultConnectionSettings
buffer: {42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
type: REG_SZ
valuename: WpadLastNetwork
buffer: 1
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_DWORD
valuename: WpadDecisionReason
buffer: \x90\x9d\xcb\xfa\xce6\xd7\x01
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_BINARY
valuename: WpadDecisionTime
buffer: 0
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_DWORD
valuename: WpadDecision
buffer: 网络 2
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{42E7C687-3C56-48E6-A2A2-AB48DD2D7BC7}
type: REG_SZ
valuename: WpadNetworkName
buffer: 1
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_DWORD
valuename: WpadDecisionReason
buffer: \x90\x9d\xcb\xfa\xce6\xd7\x01
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_BINARY
valuename: WpadDecisionTime
buffer: 0
processid: 160
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
type: REG_DWORD
valuename: WpadDecision

 Behavior_analysis

message: Attempts to evade sandbox detection by sleeping for a long time
name: Long sleep
szSubkey:
score: 2

 Dropped_Save

analysis_result: Safe
create: 0
how: write
md5: f55fc08f163622835fcccaba2373e442
name: 5BBE51BD
new_size: 14bytes
operation: Modify file
path: C:\Users\Administrator\AppData\Local\Temp\5BBE51BD
processid: 160
processname: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
sha1: 0c247e911ba6806006aefa17d484b4135156122f
sha256: 848a91982461cc20adef8772ce8b5292f118c46e9213dee1321efeff21e083b7
size: 14
this_path: /data/cuckoo/storage/analyses/92/files/1000/5BBE51BD
type: Non-ISO extended-ASCII text, with no line terminators

 Malicious

attck_tactics: Other malicious behavior
level: 1
matchedinfo: Malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 1
process_id: 160
process_name: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
rulename: Change memory protection to readable/writable/executable
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program obtains the user's disk information in order to collect sensitive information
num: 227
process_id: 160
process_name: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
rulename: Collect disk information
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 775
process_id: 160
process_name: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
rulename: Enumerate files
attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malicious program releases resources from its resource section into memory and performs decryption
num: 890
process_id: 160
process_name: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
rulename: Load resources into memory
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program calls key APIs to obtain the system user name in order to collect user information
num: 1153
process_id: 160
process_name: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
rulename: Get current user name
attck_tactics: Defense evasion
level: 3
matchedinfo: Malicious code run in the address space of another process by calling CreateRemoteThread.
num: 3334
process_id: 160
process_name: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
rulename: Call CreateRemoteThread for thread injection
attck_tactics: Persistence
level: 1
matchedinfo: The malicious program opens the Service Control Manager in order to control services
num: 3591
process_id: 160
process_name: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
rulename: Open Service Control Manager
attck_tactics: Execution
level: 2
matchedinfo: The malicious program opens a thread in order to manipulate other threads
num: 3604
process_id: 160
process_name: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
rulename: Open other threads
attck_tactics: Command and control
level: 1
matchedinfo: The malicious program may connect over an unusual network port to steal data
num: 3618
process_id: 160
process_name: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
rulename: Connect to local address 127.0.0.1
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malicious program creates a network connection in order to communicate over the network
num: 3618
process_id: 160
process_name: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
rulename: Create network socket connection
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malicious program obtains the user's network adapter information in order to collect sensitive information
num: 3838
process_id: 160
process_name: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
rulename: Collect network adapter information
attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malicious program requests (or sends) a configuration file using an HTTP GET request
num: 4372
process_id: 160
process_name: 1618997436427_c32b63a411fe800ae383e1c5226155c0.exe
rulename: Request data using GET