VirSCAN

1, You can UPLOAD any type of file, but the limit is 20Mb per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must not contain more than 20 files.
3, VirSCAN can scan archived files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader.


Basic information

File name: 00都市剑说
File size: 1189888
File type: application/x-dosexec
MD5: e42afcf847b64a60b5e542de55bde749
sha1: ac5b018c8865e0c31a319a9e4d5aa813087a0194

 CreateProcess

ApplicationName:
CmdLine:
childid: 1708
childname: 1620556201841_e42afcf847b64a60b5e542de55bde749.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620556201841_e42afcf847b64a60b5e542de55bde749.exe
drop_type:
name:
noNeedLine:
path:
pid: 2248
ApplicationName:
CmdLine:
childid: 1124
childname: explorer.exe
childpath: C:\Windows\explorer.exe
drop_type:
name:
noNeedLine:
path:
pid: 1068

 Summary

buffer: C:\Program Files (x86)\7-Zip\
processid: 1708
szSubkey: HKEY_CURRENT_USER\Software\7-Zip
type: REG_SZ
valuename: Path32
buffer: C:\Program Files (x86)\7-Zip\
processid: 1708
szSubkey: HKEY_CURRENT_USER\Software\7-Zip
type: REG_SZ
valuename: Path
buffer: C:\Program Files (x86)\7-Zip\
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\7-Zip
type: REG_SZ
valuename: Path32
buffer: C:\Program Files (x86)\7-Zip\
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\7-Zip
type: REG_SZ
valuename: Path
buffer: 7-Zip Shell Extension
processid: 1708
szSubkey: HKEY_CLASSES_ROOT\CLSID\{23170F69-40C1-278A-1000-000100020000}
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\(Default)
buffer: C:\Program Files (x86)\7-Zip\7-zip.dll
processid: 1708
szSubkey: HKEY_CLASSES_ROOT\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\(Default)
buffer: Apartment
processid: 1708
szSubkey: HKEY_CLASSES_ROOT\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {23170F69-40C1-278A-1000-000100020000}
processid: 1708
szSubkey: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\7-Zip
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\(Default)
buffer: {23170F69-40C1-278A-1000-000100020000}
processid: 1708
szSubkey: HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\7-Zip
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\(Default)
buffer: {23170F69-40C1-278A-1000-000100020000}
processid: 1708
szSubkey: HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\7-Zip
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\(Default)
buffer: {23170F69-40C1-278A-1000-000100020000}
processid: 1708
szSubkey: HKEY_CLASSES_ROOT\Directory\shellex\DragDropHandlers\7-Zip
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\(Default)
buffer: {23170F69-40C1-278A-1000-000100020000}
processid: 1708
szSubkey: HKEY_CLASSES_ROOT\Drive\shellex\DragDropHandlers\7-Zip
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\(Default)
buffer: 7-Zip Shell Extension
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
type: REG_SZ
valuename: {23170F69-40C1-278A-1000-000100020000}
buffer: C:\Program Files (x86)\7-Zip\7zFM.exe
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe\(Default)
buffer: C:\Program Files (x86)\7-Zip\
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe
type: REG_SZ
valuename: Path
buffer: 7-Zip 19.00
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
type: REG_SZ
valuename: DisplayName
buffer: 19.00
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
type: REG_SZ
valuename: DisplayVersion
buffer: C:\Program Files (x86)\7-Zip\7zFM.exe
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
type: REG_SZ
valuename: DisplayIcon
buffer: C:\Program Files (x86)\7-Zip\
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
type: REG_SZ
valuename: InstallLocation
buffer: C:\Program Files (x86)\7-Zip\Uninstall.exe
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
type: REG_SZ
valuename: UninstallString
buffer: 1
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
type: REG_DWORD
valuename: NoModify
buffer: 1
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
type: REG_DWORD
valuename: NoRepair
buffer: 3772
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
type: REG_DWORD
valuename: EstimatedSize
buffer: 19
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
type: REG_DWORD
valuename: VersionMajor
buffer: 0
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
type: REG_DWORD
valuename: VersionMinor
buffer: Igor Pavlov
processid: 1708
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
type: REG_SZ
valuename: Publisher
buffer: \x13\x00\x00\x00\xc3S[bH\xab\xc1N\xba\x1f\xa1\xefAF\xfc\x19\x00\x80\x00\x00\x00~\x001\x00\x00\x00\x00\x00hKKD\x11\x00Programs\x00\x00f\x00\x08\x00\x04\x00\xef\xbehKGDhKKD*\x00\x00\x00\xa6\x0c\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00<\x00\x00\x00\x00\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00s\x00\x00\x00@\x00s\x00h\x00e\x00l\x00l\x003\x002\x00.\x00d\x00l\x00l\x00,\x00-\x002\x001\x007\x008\x002\x00\x00\x00\x18\x00\x00\x00\x01\x12\x02\x00\x00\x10\x022\x00* \x00\x00hKxF \x00GOOGLE~1.LNK\x00\x00P\x00\x08\x00\x04\x00\xef\xbehKxFhKxF*\x00\x00\x00\xe8@\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\x00o\x00o\x00g\x00l\x00e\x00 \x00C\x00h\x00r\x00o\x00m\x00e\x00.\x00
processid: 1124
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2
type: REG_BINARY
valuename: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCache

 Malicious

attck_tactics: Other malicious behavior
level: 1
matchedinfo: Malware modifies memory page attributes in order to decrypt and execute malicious code in memory
num: 17
process_id: 1708
process_name: 1620556201841_e42afcf847b64a60b5e542de55bde749.exe
rulename: Changes a memory region to readable, writable and executable
attck_tactics: Defense evasion
level: 2
matchedinfo: Modifies the "show hidden files" setting in order to hide files
num: 1294
process_id: 1708
process_name: 1620556201841_e42afcf847b64a60b5e542de55bde749.exe
rulename: Reads the hidden-files setting
attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malicious program creates a network connection in order to communicate over the network
num: 2805
process_id: 1708
process_name: 1620556201841_e42afcf847b64a60b5e542de55bde749.exe
rulename: Creates a network socket connection
attck_tactics: Command and control
level: 2
matchedinfo: The malicious program may connect to a non-standard port to steal data over the network
num: 2805
process_id: 1708
process_name: 1620556201841_e42afcf847b64a60b5e542de55bde749.exe
rulename: Connects to a non-standard port
attck_tactics: Defense evasion
level: 2
matchedinfo: Checks whether the mouse moves while the program is running; commonly used by malware for sandbox evasion
num: 129
process_id: 1124
process_name: explorer.exe
rulename: Gets the current mouse position