VirSCAN

1. You can submit files for scanning that are no larger than 20 MB.
2. VirSCAN scans Rar/Zip archives, but only if they contain no more than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader.


Basic information

File name: 00装台
File size: 420162
File type: application/x-dosexec
MD5: e66dcfd960c7e3370b0fba9fbe81cde5
sha1: a0b41e316cbbdcb8d80b8892495ef9bd268ca674

CreateProcess

ApplicationName: C:\ProgramData\rlqne.exe
CmdLine:
childid: 772
childname: rlqne.exe
childpath: C:\ProgramData\rlqne.exe
drop_type: 1
name: 1620585032081_e66dcfd960c7e3370b0fba9fbe81cde5.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620585032081_e66dcfd960c7e3370b0fba9fbe81cde5.exe
pid: 1392
ApplicationName:
CmdLine:
childid: 1392
childname: 1620585032081_e66dcfd960c7e3370b0fba9fbe81cde5.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620585032081_e66dcfd960c7e3370b0fba9fbe81cde5.exe
drop_type:
name:
noNeedLine:
path:
pid: 2924

Summary

buffer: C:\ProgramData\rlqne.exe
processid: 772
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft® Windows® Operating System

Dropped Safe

analysis_result: Safe
create: 0
how: write
md5: aef10b9ba25f907727558514f2dfbab0
name: Mira.h
new_size: 150KB (154322bytes)
operation: Modify file
path: C:\ProgramData\Saaaalamm\Mira.h
processid: 1392
processname: 1620585032081_e66dcfd960c7e3370b0fba9fbe81cde5.exe
sha1: d67383ef1b23d4da72339d66de9541c2e1efaf53
sha256: f5e77ddc706f6dffe056dc2f8a88adece36e0e4552bc70a85f36b1e01fe547ad
size: 154322
this_path: /data/cuckoo/storage/analyses/6000482/files/1001/Mira.h
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 3e748f78a5609ece1e6c140f5b751ef5
name: $Recycle.Bin .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\$Recycle.Bin .exe
processid: 772
processname: rlqne.exe
sha1: 901b8f5096804d0c71a2455b2cdd29901121cdd3
sha256: c5bb656f01770f9c0bd209eee3a3c544a4a5a7b45e90dbdf0169dac55633a15b
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1002/$Recycle.Bin .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 7cb1f8261d733b79231f57b377576102
name: ChQqZI .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\ChQqZI .exe
processid: 772
processname: rlqne.exe
sha1: d95e9fa587e6d64a6365e5ea58ea3ff7f136d33d
sha256: f3b807b991d8779d913d3a2ee421069f6d4e53135fe3927373670e6d2a0c03c3
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1003/ChQqZI .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: a4bad7e8db48ea9e01ac2afee217d0a9
name: Documents and Settings .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\Documents and Settings .exe
processid: 772
processname: rlqne.exe
sha1: 05c663e3424ddeb85105b25a1d86188d68dc64de
sha256: 3b1e4c4ad9b7eaf4f60561008975b3769f6f1d96adf4f15c4699862d5e1a8257
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1004/Documents and Settings .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: d09c7ad82b4c2b035948edb493bce450
name: mnlsx .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\mnlsx .exe
processid: 772
processname: rlqne.exe
sha1: ebe0e770e42d27d55e0a367b2d57b6c4eb1d54f6
sha256: 2aaf307ace152072d2b5e7954c8c0a773f74e03855ef1fa4b23ca62ed762b9cf
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1005/mnlsx .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: e2e7acc328d2bb0260798a7c222f1425
name: MSOCache .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\MSOCache .exe
processid: 772
processname: rlqne.exe
sha1: 7a6756ece80381c52169895ad128c2de03881ca7
sha256: c36867423540386c15fd3a2b2b588ffdb14e999707445979860b5836b7623d5c
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1006/MSOCache .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 07fb049bbc5fd25371728c3bc304cc98
name: otnnxkfJL .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\otnnxkfJL .exe
processid: 772
processname: rlqne.exe
sha1: 4974e1be6ee84b99b8f08b4f2e024cad6bb95dcc
sha256: b5d033f128fb557f74b3f30859ede411faa608db83a405394826c9dedb3e5246
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1007/otnnxkfJL .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: e78f6e6019b2b74db13d3b3d9b9aceb8
name: OXWCJDLNXS .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\OXWCJDLNXS .exe
processid: 772
processname: rlqne.exe
sha1: a95628f4710ae2727a21e8c682149975c0ff0ea3
sha256: c96711963f7e0706abe0f38af86b887c80248c3b79418edfb8d21e9761c6ad82
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1008/OXWCJDLNXS .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 323f12044ff6298aaec06a7d499eff34
name: pagefile.sys .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\pagefile.sys .exe
processid: 772
processname: rlqne.exe
sha1: 70c173b43f256111783d4b4507a295512c276980
sha256: 891c1260a9c06a56babfefa0cc63d59066c13f9a26b94f6900cc7f6de5911e98
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1009/pagefile.sys .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 6357fb13c8290f5ab846c2c1dd55d508
name: PerfLogs .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\PerfLogs .exe
processid: 772
processname: rlqne.exe
sha1: d7b6ddbb7cd2ccbdabd8089f7c6c4322759eda19
sha256: 663e0c24924ab186c03863303277fcd84a0ba803225231787d631fe1ef7ac8b8
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1010/PerfLogs .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: c0d619a077330ea691f7a219b51aea4b
name: Program Files .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\Program Files .exe
processid: 772
processname: rlqne.exe
sha1: 40a4d9c2bb797a66a9cb45c27a12026835945869
sha256: 9b315f7946917798010008a30813f989f011cdb18b6ad38a6350b5f4433a23b1
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1011/Program Files .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 34a711fa3f92a7a5485c59aa4d0df6df
name: Program Files (x86) .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\Program Files (x86) .exe
processid: 772
processname: rlqne.exe
sha1: f163c38c374b37c82fdd02128d2a6f1095e5121b
sha256: 35c462fc40a5211ac95e9bc62cbcad4042e4e66e773e2ad36c9a7138b0bfa451
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1012/Program Files (x86) .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 0130c210796f641c0cc529342d70a298
name: ProgramData .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\ProgramData .exe
processid: 772
processname: rlqne.exe
sha1: fbf942bd76326e0091164f1f4a0463b4371c8a2f
sha256: 2d3f32d5d1cee95f7336cc20fcfff3664c3319b65fae2e0f474428c9a6d1d3ca
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1013/ProgramData .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 3328362b201e52c77c66afec0f55549a
name: Python27 .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\Python27 .exe
processid: 772
processname: rlqne.exe
sha1: c9e087d4d17b3b8066e3ffdd0b58ddf8f10269b5
sha256: 86b54ccfe9d7e6693f52ad85562d3a614b40849a7c4acd8fca1e403659552725
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1014/Python27 .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 723689e93efd1135b41dd55ee97ebc47
name: quVvHWZOpm .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\quVvHWZOpm .exe
processid: 772
processname: rlqne.exe
sha1: 23cb9183fe23d5e20684c9c67757b7d999b1ca72
sha256: ccbcdc1897509d4af922560a60bd821be595d866b540f4e0fffde38545509856
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1015/quVvHWZOpm .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 78f73b2277c1f30e904fa1dfc78e8767
name: Recovery .exe
new_size: 410KB (420164bytes)
operation: Modify file
path: C:\Recovery .exe
processid: 772
processname: rlqne.exe
sha1: 87ffcccd4c29138c3f46a10a391a321bf8d2f902
sha256: 86d147c876093c6ed23e70ab6a0f0ea6edae18898167da00af7125075656bd56
size: 420164
this_path: /data/cuckoo/storage/analyses/6000482/files/1016/Recovery .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: e71b46afb59385ae41b8ec3384108e53
name: System Volume Information .exe
new_size: 394KB (403690bytes)
operation: Modify file
path: C:\System Volume Information .exe
processid: 772
processname: rlqne.exe
sha1: 8c86d6df0794434d340e70b17e769e49bfbd29c6
sha256: c13a33259ba35d9bf870c40a31ad762225a9232ff90bccbac23af783bf438d05
size: 403690
this_path: /data/cuckoo/storage/analyses/6000482/files/1017/System Volume Information .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Dropped Unsafe

analysis_result: Trojan.Win32.Agent.nezvfi
create: 0
how: write
md5: 5b7683b3b0273097f9b80aa1ab133d7b
name: rlqne.exe
new_size: 259KB (265830bytes)
operation: Modify file
path: C:\ProgramData\rlqne.exe
processid: 1392
processname: 1620585032081_e66dcfd960c7e3370b0fba9fbe81cde5.exe
sha1: 08fee665dcbd4c7b8acdbb7537b9b34c70729e20
sha256: e68e1f050fb007988fafd19549daf9c913a4bd2f1360c5f4772417cd2c007f6f
size: 265830
this_path: /data/cuckoo/storage/analyses/6000482/files/1000/rlqne.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Malicious

attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware changes memory protection attributes so that it can decrypt and execute malicious code in memory
num: 3
process_id: 1392
process_name: 1620585032081_e66dcfd960c7e3370b0fba9fbe81cde5.exe
rulename: Change memory region to readable, writable and executable
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 30
process_id: 1392
process_name: 1620585032081_e66dcfd960c7e3370b0fba9fbe81cde5.exe
rulename: Enumerate files
attck_tactics: Defense evasion
level: 2
matchedinfo: Modifies the "show hidden files" setting in order to hide files
num: 180
process_id: 1392
process_name: 1620585032081_e66dcfd960c7e3370b0fba9fbe81cde5.exe
rulename: Query hidden-file setting
attck_tactics: Persistence
level: 2
matchedinfo: The malicious program modifies the registry so that it starts automatically with the system, in order to maintain long-term control of the system or remain resident on it
num: 8
process_id: 772
process_name: rlqne.exe
rulename: Write to autostart registry key, add autostart entry 2
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 18
process_id: 772
process_name: rlqne.exe
rulename: Enumerate files