VirSCAN

1. You can upload any file no larger than 20 megabytes.
2. VirSCAN can scan archives in ZIP and RAR format, provided they contain no more than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.
4. If your browser cannot upload the file, please download the VirSCAN uploader and use it to upload.


Basic information

File name: 00幻夜
File size: 420126
File type: application/x-dosexec
MD5: a9d1d64070d8b92e178be1618a9ddfaf
sha1: 41dd3c836386a6ad2a380a4a685113278a39cfea

 CreateProcess

ApplicationName: C:\ProgramData\ufxov.exe
CmdLine:
childid: 1572
childname: ufxov.exe
childpath: C:\ProgramData\ufxov.exe
drop_type: 1
name: 1620970254288_a9d1d64070d8b92e178be1618a9ddfaf.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620970254288_a9d1d64070d8b92e178be1618a9ddfaf.exe
pid: 768
ApplicationName:
CmdLine:
childid: 768
childname: 1620970254288_a9d1d64070d8b92e178be1618a9ddfaf.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620970254288_a9d1d64070d8b92e178be1618a9ddfaf.exe
drop_type:
name:
noNeedLine:
path:
pid: 1948

 Summary

buffer: C:\ProgramData\ufxov.exe
processid: 1572
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft® Windows® Operating System

 Dropped (Safe)

analysis_result: Safe
create: 0
how: write
md5: aef10b9ba25f907727558514f2dfbab0
name: Mira.h
new_size: 150KB (154322bytes)
operation: Modify file
path: C:\ProgramData\Saaaalamm\Mira.h
processid: 768
processname: 1620970254288_a9d1d64070d8b92e178be1618a9ddfaf.exe
sha1: d67383ef1b23d4da72339d66de9541c2e1efaf53
sha256: f5e77ddc706f6dffe056dc2f8a88adece36e0e4552bc70a85f36b1e01fe547ad
size: 154322
this_path: /data/cuckoo/storage/analyses/1000077/files/1001/Mira.h
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: e63bbb1a7c59e5e1a130768aca71c8f5
name: $Recycle.Bin .exe
new_size: 410KB (420128bytes)
operation: Modify file
path: C:\$Recycle.Bin .exe
processid: 1572
processname: ufxov.exe
sha1: 7182864b9dd56dcf28a481ae32a2ac3274fa86be
sha256: 4fa23ae487db5b98cdfb134da8e1dd5b8650f60c260bbc160f1da040f08f7095
size: 420128
this_path: /data/cuckoo/storage/analyses/1000077/files/1002/$Recycle.Bin .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 8c3acf3864c970a70ee96c0877c94d8d
name: Documents and Settings .exe
new_size: 410KB (420128bytes)
operation: Modify file
path: C:\Documents and Settings .exe
processid: 1572
processname: ufxov.exe
sha1: f50f0196d629836f62e6193a49a361e730f8e37b
sha256: 14a9960a4f8005244ac0d5b3e49fc4bf89e6df4bd6637017ee77adb0d0971ffe
size: 420128
this_path: /data/cuckoo/storage/analyses/1000077/files/1003/Documents and Settings .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 36c058f6e69c13ffab9a653b59a456b6
name: JCJEjNRVAW .exe
new_size: 410KB (420128bytes)
operation: Modify file
path: C:\JCJEjNRVAW .exe
processid: 1572
processname: ufxov.exe
sha1: 45d4f5423286dc3eefa71711b9a2f5e962d59216
sha256: c2ace5d87a654d2e9a45f84edc129c76fc5090a543718b71846a12f1217c1cb6
size: 420128
this_path: /data/cuckoo/storage/analyses/1000077/files/1004/JCJEjNRVAW .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 95d220b7816ef6edfd8bce7a472bd147
name: mnlsx .exe
new_size: 410KB (420128bytes)
operation: Modify file
path: C:\mnlsx .exe
processid: 1572
processname: ufxov.exe
sha1: 013a91de08c875e44bd2a7f3a01abf36143c6fa7
sha256: 485ee99d6d755272ea287d577e670ab7566a7a9d2424e07005aea1bb033c03d8
size: 420128
this_path: /data/cuckoo/storage/analyses/1000077/files/1005/mnlsx .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: e77af142e047429cd472f1ea6726cfe6
name: MSOCache .exe
new_size: 410KB (420128bytes)
operation: Modify file
path: C:\MSOCache .exe
processid: 1572
processname: ufxov.exe
sha1: e7ecc1f4fd6c1e9e534c9417f0bd997f51f24696
sha256: 89183a4ad75504ec4111dc473abfbb0ffb9a4043997aadba18fcfd555808aa32
size: 420128
this_path: /data/cuckoo/storage/analyses/1000077/files/1006/MSOCache .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: fa04afe37c95e4e9a4d0b0ce2efbf893
name: pagefile.sys .exe
new_size: 410KB (420128bytes)
operation: Modify file
path: C:\pagefile.sys .exe
processid: 1572
processname: ufxov.exe
sha1: 40ae055bb23008cdb9149389aa4a127649b2793c
sha256: 103fe6db93363a4f0a7e320907be191b9fcc807469ec9ca9233dac13d86fd987
size: 420128
this_path: /data/cuckoo/storage/analyses/1000077/files/1007/pagefile.sys .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 35ef72d21593c159d601d242178a19c1
name: PerfLogs .exe
new_size: 410KB (420128bytes)
operation: Modify file
path: C:\PerfLogs .exe
processid: 1572
processname: ufxov.exe
sha1: 854f94cee17bcd06a6a6c2b1b47409b078eacef3
sha256: c8de701e1893c7894189df4494057436bfb71b039dd8b909433950841f98f898
size: 420128
this_path: /data/cuckoo/storage/analyses/1000077/files/1008/PerfLogs .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 7eba81a643fbef8926cb91a6304cc9b8
name: Program Files .exe
new_size: 410KB (420128bytes)
operation: Modify file
path: C:\Program Files .exe
processid: 1572
processname: ufxov.exe
sha1: 2961a8fa762e6a7541b2931ae009cce8bc3e9c5e
sha256: ad7adc55f3b5cd25f8cebebd9a31b6400df7cf89d35c6ab96d1fb1cf97af6645
size: 420128
this_path: /data/cuckoo/storage/analyses/1000077/files/1009/Program Files .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 21fc58b194611f1587b674046fd37a99
name: Program Files (x86) .exe
new_size: 410KB (420128bytes)
operation: Modify file
path: C:\Program Files (x86) .exe
processid: 1572
processname: ufxov.exe
sha1: 3363d329115b33b5b905dfd7761b61b783d76fb4
sha256: 514201c72db28fcd059f0194d3394d25bd465ed930b537f6b9c40ee1cd624994
size: 420128
this_path: /data/cuckoo/storage/analyses/1000077/files/1010/Program Files (x86) .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 1ea4669cfd1469ce3cb4d28b9286e1a7
name: ProgramData .exe
new_size: 410KB (420128bytes)
operation: Modify file
path: C:\ProgramData .exe
processid: 1572
processname: ufxov.exe
sha1: c8f3673f40635da62f4cc8ed425ebc78718a1920
sha256: ace6d4f632613e5a43b2dcdda4f575417987cbcfe25fa463685bfff635544deb
size: 420128
this_path: /data/cuckoo/storage/analyses/1000077/files/1011/ProgramData .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 4dbcaf5ad55c56b96b8582a2e3e3e99e
name: Python27 .exe
new_size: 410KB (420128bytes)
operation: Modify file
path: C:\Python27 .exe
processid: 1572
processname: ufxov.exe
sha1: 269e50e7e802eec6f286edd132e883560103a106
sha256: d032c1f83b881f81b6a37d2ea343859761bceda1bee1b2d8418c56dcfc63caca
size: 420128
this_path: /data/cuckoo/storage/analyses/1000077/files/1012/Python27 .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: fd3d35a0cc5fcf96fb0a5b3b9f6a425e
name: Recovery .exe
new_size: 410KB (420128bytes)
operation: Modify file
path: C:\Recovery .exe
processid: 1572
processname: ufxov.exe
sha1: e498477c1d91e86d53a9b9575542614b1afd5745
sha256: 10c1f47ca6c158fde8fda927d1ea9fa562e96bbd9f582d8f1aa910cba4f4f0a1
size: 420128
this_path: /data/cuckoo/storage/analyses/1000077/files/1013/Recovery .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: f0f649e2545b6f9e4cd4a09c9baa025d
name: System Volume Information .exe
new_size: 410KB (420128bytes)
operation: Modify file
path: C:\System Volume Information .exe
processid: 1572
processname: ufxov.exe
sha1: 8a05009f669726c3cac87d008d70d14d9e88d71d
sha256: 0138c26e8ff97635e0148b82df5e5413ca21dc347beeb4ad10c861410e21e5e5
size: 420128
this_path: /data/cuckoo/storage/analyses/1000077/files/1014/System Volume Information .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 2a7d2709e616cd31c7a003e27aa226bb
name: Users .exe
new_size: 368KB (377118bytes)
operation: Modify file
path: C:\Users .exe
processid: 1572
processname: ufxov.exe
sha1: 4447328c3113771c325f478e9ccf6a058cd2a64e
sha256: 6e1f3065c0f0c0e3b618c73ccd12bd7dbe990a7fc2a1cd22f0d1a95b754fb9b6
size: 377118
this_path: /data/cuckoo/storage/analyses/1000077/files/1015/Users .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

 Dropped (Unsafe)

analysis_result: Trojan.Win32.Agent.nezvfi
create: 0
how: write
md5: fbf5994c54e0b911133b34e76c2ca091
name: ufxov.exe
new_size: 259KB (265794bytes)
operation: Modify file
path: C:\ProgramData\ufxov.exe
processid: 768
processname: 1620970254288_a9d1d64070d8b92e178be1618a9ddfaf.exe
sha1: de776a74b7baae647e176609d9ab01c0d40b3dcb
sha256: e694b5010bcebfdb3b1736d207364fa5bdafd3d4bc150cb042aa8e2457c8f8ea
size: 265794
this_path: /data/cuckoo/storage/analyses/1000077/files/1000/ufxov.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

 Malicious

attck_tactics: Other malicious behavior
level: 1
matchedinfo: Malware modifies memory attributes in order to decrypt and execute malicious code in memory
num: 3
process_id: 768
process_name: 1620970254288_a9d1d64070d8b92e178be1618a9ddfaf.exe
rulename: Set memory region to readable, writable and executable
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 30
process_id: 768
process_name: 1620970254288_a9d1d64070d8b92e178be1618a9ddfaf.exe
rulename: Enumerate files
attck_tactics: Defense evasion
level: 2
matchedinfo: Modifies the "show hidden files" setting in order to hide files
num: 180
process_id: 768
process_name: 1620970254288_a9d1d64070d8b92e178be1618a9ddfaf.exe
rulename: Query hidden-file setting
attck_tactics: Persistence
level: 2
matchedinfo: Malware modifies the registry so that it starts automatically with the system, in order to maintain long-term control of or residence on the system
num: 8
process_id: 1572
process_name: ufxov.exe
rulename: Write autostart registry key, add autostart entry 2
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 18
process_id: 1572
process_name: ufxov.exe
rulename: Enumerate files