VirSCAN

1. You can upload any file type; maximum file size 20 MB.
2. VirSCAN supports Rar/Zip decompression, at most 20 files per Rar/Zip archive.
3. VirSCAN can scan Rar/Zip archives protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, you can use the VirSCAN uploader.


Basic information

File name: 00大周仙吏
File size: 205646 bytes
File type: application/x-dosexec
MD5: aed8a79636af77c31dfef2f3776eea46
SHA1: 7b01c6dd3b1eb0bbf387ff2cd570d5fce503734b

CreateProcess

ApplicationName:
CmdLine: "C:\Users\Administrator\AppData\Roaming\wtc3846.tmp.bat" "C:\Users\Administrator\AppData\Local\Temp\1620966792779_aed8a79636af77c31dfef2f3776eea46.exe"
childid: 2732
childname: cmd.exe
childpath: C:\Windows\SysWOW64\cmd.exe
drop_type:
name: 1620966792779_aed8a79636af77c31dfef2f3776eea46.exe
path: C:\Users\Administrator\AppData\Local\Temp\1620966792779_aed8a79636af77c31dfef2f3776eea46.exe
pid: 3044

ApplicationName: C:\Windows\System32\attrib.exe
CmdLine: attrib -r -s -h "C:\Users\Administrator\AppData\Local\Temp\1620966792779_aed8a79636af77c31dfef2f3776eea46.exe"
childid: 2812
childname: attrib.exe
childpath: C:\Windows\SysWOW64\attrib.exe
drop_type:
name: cmd.exe
path: C:\Windows\SysWOW64\cmd.exe
pid: 2732

ApplicationName:
CmdLine:
childid: 3044
childname: 1620966792779_aed8a79636af77c31dfef2f3776eea46.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620966792779_aed8a79636af77c31dfef2f3776eea46.exe
drop_type:
name:
path:
pid: 2596

Dropped files (judged safe)

analysis_result: safe
create: 0
how: del
md5: 761d67489a52cd9b1c78cf145bc8baad
name: wtc3846.tmp.bat
new_size: 58 bytes
operation: file dropped, then deleted
path: C:\Users\Administrator\AppData\Roaming\wtc3846.tmp.bat
processid: 2732
processname: cmd.exe
sha1: aa5bd441fd9f98235abfc71861d923f49e12129e
sha256: 24c7a2435ad7f4f51d0d6b2a7b23faa70808a20f4283548f87d14b53a9edd5c4
size: 58
this_path: /data/cuckoo/storage/analyses/66/files/9585789322/wtc3846.tmp.bat
type: ASCII text, with CRLF line terminators

analysis_result: safe
create: 0
how: write
md5: a7d9669ffb39272ec6f9b3669a596d4f
name: 2d17e659d34601689591
new_size: 29 bytes
operation: file modified
path: C:\Users\Administrator\AppData\Local\Temp\2d17e659d34601689591
processid: 3044
processname: 1620966792779_aed8a79636af77c31dfef2f3776eea46.exe
sha1: fbd9745455d6576d9fa6b918b1aeb598941b3f45
sha256: a916c542ac8c54eddac7302e09b8ba5e7e5dbb7785c3ea86375a5303859e1a82
size: 29
this_path: /data/cuckoo/storage/analyses/66/files/1001/2d17e659d34601689591
type: ASCII text, with no line terminators

Dropped files (judged unsafe)

analysis_result: Trojan-Banker.Win32.Shifu.eph
create: 0
how: write
md5: 88078caceb41569e57cb14af2e52cdf5
name: 2440f04jbb.exe
new_size: 200 KB (205646 bytes)
operation: file modified
path: C:\ProgramData\2440f04jbb.exe
processid: 3044
processname: 1620966792779_aed8a79636af77c31dfef2f3776eea46.exe
sha1: c46d6b9e456cc2551a9bacc7b2d8ddf9dff433f0
sha256: 283121085d120048766677b8402a5426afd9720ba98cddc3975db54aebd25527
size: 205646
this_path: /data/cuckoo/storage/analyses/66/files/1000/2440f04jbb.exe
type: MS-DOS executable, MZ for MS-DOS
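The CreateProcess and Dropped records above together describe a batch-file self-deletion chain: the sample (pid 3044) writes wtc3846.tmp.bat to AppData\Roaming, runs it through cmd.exe (pid 2732) with its own path as the only argument, that cmd.exe spawns attrib -r -s -h on the sample to strip the read-only, system and hidden attributes (attributes under which a plain del fails or skips the file), and the 58-byte script is then deleted by the same cmd.exe. The Python below is an added example, not code from VirSCAN, Cuckoo or this report: it parses these key/value records (embedded as constructed input copied from the page, with hashes omitted), rebuilds the process tree, and scores the chain. The function names, the field subset it reads and the four-point score are the example's own choices, not a VirSCAN rule.

```python
import re
from collections import defaultdict

# Constructed from the CreateProcess and Dropped records on this page
# (hash fields omitted); not a live sandbox feed.
CREATE_PROCESS = r"""
ApplicationName:
CmdLine: "C:\Users\Administrator\AppData\Roaming\wtc3846.tmp.bat" "C:\Users\Administrator\AppData\Local\Temp\1620966792779_aed8a79636af77c31dfef2f3776eea46.exe"
childid: 2732
childname: cmd.exe
name: 1620966792779_aed8a79636af77c31dfef2f3776eea46.exe
path: C:\Users\Administrator\AppData\Local\Temp\1620966792779_aed8a79636af77c31dfef2f3776eea46.exe
pid: 3044
ApplicationName: C:\Windows\System32\attrib.exe
CmdLine: attrib -r -s -h "C:\Users\Administrator\AppData\Local\Temp\1620966792779_aed8a79636af77c31dfef2f3776eea46.exe"
childid: 2812
childname: attrib.exe
name: cmd.exe
path: C:\Windows\SysWOW64\cmd.exe
pid: 2732
ApplicationName:
CmdLine:
childid: 3044
childname: 1620966792779_aed8a79636af77c31dfef2f3776eea46.exe
name:
path:
pid: 2596
"""
DROPPED = r"""
analysis_result: safe
how: del
path: C:\Users\Administrator\AppData\Roaming\wtc3846.tmp.bat
processid: 2732
processname: cmd.exe
analysis_result: Trojan-Banker.Win32.Shifu.eph
how: write
path: C:\ProgramData\2440f04jbb.exe
processid: 3044
processname: 1620966792779_aed8a79636af77c31dfef2f3776eea46.exe
"""


def parse_records(text, first_key):
    """Split a flat 'key: value' dump into dicts; every first_key line opens a new record."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        key, _, value = line.partition(":")  # first colon only, so drive letters survive
        key, value = key.strip(), value.strip()
        if key == first_key:
            records.append({})
        records[-1][key] = value
    return records


def split_args(cmdline):
    """Tokenise a Windows command line, keeping double-quoted paths whole."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def build_tree(events):
    """Return (children, names): parent pid -> [child pids], pid -> image name."""
    children, names = defaultdict(list), {}
    for ev in events:
        parent, child = int(ev["pid"]), int(ev["childid"])
        children[parent].append(child)
        names[child] = ev["childname"]
        names.setdefault(parent, ev["name"] or f"pid {parent}")
    return children, names


def roots(events):
    """Pids that only ever appear as parents (here: the sandbox launcher, 2596)."""
    return sorted({int(e["pid"]) for e in events} - {int(e["childid"]) for e in events})


def render_tree(children, names, root, depth=0):
    """Indented depth-first listing, one process per line."""
    lines = [f"{'  ' * depth}{root} {names[root]}"]
    for child in children.get(root, []):
        lines.extend(render_tree(children, names, child, depth + 1))
    return lines


def find_batch_self_delete(events, dropped):
    """Score each cmd.exe launched with a .bat/.cmd script on the four self-delete indicators."""
    findings = []
    for ev in events:
        args = split_args(ev["CmdLine"])
        if ev["childname"].lower() != "cmd.exe" or not args or not args[0].lower().endswith((".bat", ".cmd")):
            continue
        script, parent_path, cmd_pid = args[0], ev["path"].lower(), int(ev["childid"])
        f = {"cmd_pid": cmd_pid, "script": script,
             "script_in_user_profile": "\\appdata\\" in script.lower(),   # dropped under the user's profile
             "self_path_passed": parent_path in (a.lower() for a in args[1:]),  # parent hands over its own image path
             "attrib_stripped": False, "script_deleted": False}
        for child in events:  # attrib -r -s -h <parent image> spawned by this cmd.exe
            if int(child["pid"]) == cmd_pid and child["childname"].lower() == "attrib.exe":
                cargs = [a.lower() for a in split_args(child["CmdLine"])]
                if {"-r", "-s", "-h"} <= set(cargs) and parent_path in cargs:
                    f["attrib_stripped"] = True
        for d in dropped:  # the script removed by the very cmd.exe that ran it
            if d["how"] == "del" and d["path"].lower() == script.lower() and int(d["processid"]) == cmd_pid:
                f["script_deleted"] = True
        f["score"] = sum(f[k] for k in ("script_in_user_profile", "self_path_passed", "attrib_stripped", "script_deleted"))
        findings.append(f)
    return findings


if __name__ == "__main__":
    events = parse_records(CREATE_PROCESS, "ApplicationName")
    children, names = build_tree(events)
    for root in roots(events):
        print("\n".join(render_tree(children, names, root)))
    for finding in find_batch_self_delete(events, parse_records(DROPPED, "analysis_result")):
        print(finding)
```

Run on the page's records, the tree comes out as 2596 > 3044 (sample) > 2732 cmd.exe > 2812 attrib.exe and the single finding scores 4 of 4. The same parser handles the unsafe drop to C:\ProgramData, which is not part of the self-delete chain and therefore does not contribute to the score; note that the dropped 2440f04jbb.exe has exactly the sample's size (205646 bytes) but a different hash.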

Malicious behaviour

attck_tactics: Other malicious behaviour
level: 1
matchedinfo: Commonly used for file encryption or encrypted data transfer; may also be used by ransomware
num: 18
process_id: 3044
process_name: 1620966792779_aed8a79636af77c31dfef2f3776eea46.exe
rulename: Calls a cryptographic library

attck_tactics: Defense Evasion
level: 3
matchedinfo: The malware uses a batch script to delete legitimate files, itself, or files it dropped, in order to damage legitimate files or hide the malware
num: 56
process_id: 3044
process_name: 1620966792779_aed8a79636af77c31dfef2f3776eea46.exe
rulename: Deletes files (via batch script)

attck_tactics: Defense Evasion
level: 2
matchedinfo: Hides files by changing the "show hidden files" setting
num: 212
process_id: 3044
process_name: 1620966792779_aed8a79636af77c31dfef2f3776eea46.exe
rulename: Reads the hidden-files setting

attck_tactics: Execution
level: 2
matchedinfo: The malware opens a thread in order to manipulate other threads
num: 2
process_id: 2732
process_name: cmd.exe
rulename: Opens another thread

attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for a specific target file by enumerating files
num: 27
process_id: 2732
process_name: cmd.exe
rulename: Enumerates files

attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for a specific target file by enumerating files
num: 2
process_id: 2812
process_name: attrib.exe
rulename: Enumerates files