VirSCAN

1. You can upload any file, but the file size must not exceed 20 MB.
2. We support automatic decompression of RAR or ZIP archives, but an archive may not contain more than 20 files.
3. We can recognize and scan archives whose password is 'infected' or 'virus'.
4. If your browser cannot upload files, please download the Virscan Uploader and upload with it.

Basic information

File name: 00复活
File size: 415461
File type: application/x-dosexec
MD5: 946bda966c566da97625d756d1981480
sha1: d43f24a9d650f1135d44ec25d2483a957162245c

CreateProcess

ApplicationName: C:\ProgramData\eejfh.exe
CmdLine:
childid: 2140
childname: eejfh.exe
childpath: C:\ProgramData\eejfh.exe
drop_type: 1
name: 1621089032047_946bda966c566da97625d756d1981480.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1621089032047_946bda966c566da97625d756d1981480.exe
pid: 912

ApplicationName:
CmdLine:
childid: 912
childname: 1621089032047_946bda966c566da97625d756d1981480.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1621089032047_946bda966c566da97625d756d1981480.exe
drop_type:
name:
noNeedLine:
path:
pid: 956

Summary

buffer: C:\ProgramData\eejfh.exe
processid: 2140
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft® Windows® Operating System
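
The Summary record above is a Run-key autostart entry: the value name imitates "Microsoft® Windows® Operating System" (with U+00AE characters) and the data points to C:\ProgramData\eejfh.exe, a user-writable location. The following triage script is an added example and is not part of the VirSCAN report or its tooling. It parses a .reg export of the HKCU Run key; the export text is constructed to mirror the report's entry plus one benign-looking OneDrive entry for contrast, and the path list, vendor-word list and scoring threshold are this example's own assumptions.

```python
"""Triage Run-key autostart values for the traits in this report's Summary.

Added example, not VirSCAN tooling. It parses a .reg export of
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run (on a live host:
reg export "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" run.reg,
which writes UTF-16LE; decode before passing the text in).
"""
import re

# Constructed export. The second value mirrors the report: a value name that
# imitates "Microsoft(R) Windows(R) Operating System" using U+00AE characters,
# launching C:\ProgramData\eejfh.exe. The OneDrive line is a benign-looking
# entry added for contrast; it is not from the report.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"OneDrive"="\"C:\\Users\\Administrator\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"',
    '"Microsoft\u00ae Windows\u00ae Operating System"="C:\\\\ProgramData\\\\eejfh.exe"',
])

# "name"="string" lines only; hex:... and dword:... values are skipped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Words a lookalike value name borrows to pass a casual glance (assumed list).
VENDOR_WORDS = ("microsoft", "windows")


def _unescape(s):
    """Undo .reg escaping (doubled backslash, backslash-escaped quote)."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_values(reg_text):
    """Return [(value_name, data)] for every string value in the export."""
    values = []
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:
            values.append((_unescape(m.group(1)), _unescape(m.group(2))))
    return values


def image_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(?i)(.+?\.exe)(?:\s|$)", command)
    return m.group(1) if m else command.split(" ", 1)[0]


def in_user_writable_dir(path):
    """True for locations a non-admin process can write to (assumed list)."""
    p = path.lower()
    return (p.startswith("c:\\programdata\\")
            or p.startswith("c:\\users\\public\\")
            or "\\appdata\\" in p
            or "\\temp\\" in p)


def triage_run_values(reg_text):
    """Map each value name to its image path and the reasons it looks suspicious."""
    findings = {}
    for name, command in parse_reg_values(reg_text):
        image = image_path(command)
        reasons = []
        if in_user_writable_dir(image):
            reasons.append("image in user-writable directory: " + image)
        if any(ord(ch) > 0x7F for ch in name):
            # U+00AE and similar symbols: legitimate Run values rarely carry them
            reasons.append("non-ASCII characters in value name")
        if any(word in name.lower() for word in VENDOR_WORDS):
            reasons.append("value name borrows a vendor or OS name")
        findings[name] = {"image": image, "reasons": reasons}
    return findings


def suspicious(findings, threshold=2):
    """Value names with at least `threshold` reasons. One weak reason alone
    (a legitimate per-user app under AppData, for example) is not enough."""
    return sorted(n for n, f in findings.items() if len(f["reasons"]) >= threshold)


if __name__ == "__main__":
    result = triage_run_values(SAMPLE_REG)
    for name in suspicious(result):
        print(repr(name), "->", result[name]["image"])
        for reason in result[name]["reasons"]:
            print("   ", reason)
```

The OneDrive entry collects a single reason (it lives under AppData) and stays below the threshold, while the report's entry collects three: user-writable image directory, non-ASCII characters in the name, and a borrowed vendor name. Treat the threshold as a starting point to tune against a clean baseline of the fleet's Run keys.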

Dropped (safe: no engine detection)

analysis_result: Safe
create: 0
how: write
md5: a52d6cb53c4c31e9f5ad53a356adf9dd
name: Mira.h
new_size: 150KB (153811bytes)
operation: Modify file
path: C:\ProgramData\Saaaalamm\Mira.h
processid: 912
processname: 1621089032047_946bda966c566da97625d756d1981480.exe
sha1: 4e9b2d208dc3c3a6e23decb0a7d7381c73f7b101
sha256: f6bc441488529eadccfef115d11fa10c5cb8cb125b6c08c52a2bbc144bd4f7d8
size: 153811
this_path: /data/cuckoo/storage/analyses/4000466/files/1001/Mira.h
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: d569f14595b0c47d541f490a026b503e
name: $Recycle.Bin .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\$Recycle.Bin .exe
processid: 2140
processname: eejfh.exe
sha1: a60ee82231e677df17abda35c9262992c278a3c2
sha256: 25cda86cdbadb302aef2730bf6921e73ca7dce5e2579624c505d3676dc95c22b
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1002/$Recycle.Bin .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 1fd55c4bdfedc6381868dda713998f49
name: Documents and Settings .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\Documents and Settings .exe
processid: 2140
processname: eejfh.exe
sha1: 93d2eca38d847fe464f180c6f7ab781725ee6295
sha256: 92575cc823ece9861544cd3c852ed9f40103203877862125a10c3cdea7dc1df2
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1003/Documents and Settings .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 4f7df641324378454e6fba993dda692f
name: EPONWYQERY .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\EPONWYQERY .exe
processid: 2140
processname: eejfh.exe
sha1: d8220d84b434e7c85a00b1e2e814ec3a819e74bc
sha256: f5951c8a5ed3d65870c70ed2568deb157703d0b4856e4f6a1a9acde93924929e
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1004/EPONWYQERY .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: aebcb53773aeb26e56025c92e2147bbc
name: mjDZHeKLjn .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\mjDZHeKLjn .exe
processid: 2140
processname: eejfh.exe
sha1: 4d114874a03a14b830f3ef8fb0a8bb6af19f663d
sha256: 15098f4956cda31f1168801c10b69a90519ed935e428b3535f537f02c13585cd
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1005/mjDZHeKLjn .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: ef876ff0db2911c7f4c79ab799b83a23
name: mnlsx .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\mnlsx .exe
processid: 2140
processname: eejfh.exe
sha1: f984338f10d03e7eb20b4a9d1189e99eb257b111
sha256: 8efd08186fc1d6f5df84ec17694573b5c345989fb8e70e08983eed23e11877a1
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1006/mnlsx .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: be658660a25bce6e32dbce6bb4ac0ebb
name: MSOCache .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\MSOCache .exe
processid: 2140
processname: eejfh.exe
sha1: 001798d221b07a978d05fe4f84e3701374a77539
sha256: f351600388f4598e7287335059de301a6394b64f8321c82d3f7b695a3a69de9f
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1007/MSOCache .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 433e6d5b8ee6caff8713bda25346a1a0
name: pagefile.sys .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\pagefile.sys .exe
processid: 2140
processname: eejfh.exe
sha1: 12db4d0c6866b538f113a065a57fdd75a6c075b4
sha256: 4ddc2bd68b1dfb0a219a960076b7b0672ccca51f7ad1e669bcdf883c637a94e9
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1008/pagefile.sys .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 0c9a5f08f4ba6d38b14aeca84129bea1
name: PerfLogs .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\PerfLogs .exe
processid: 2140
processname: eejfh.exe
sha1: 33a5f25c494937a3bca86bac7b540b7db32076a7
sha256: 9c82514cd0326539663053b5a677eaf42300f023f23430957b1d7ec1aa19d706
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1009/PerfLogs .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: eef3c4e7a3a9dfb43c72a25e1c145c95
name: Program Files .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\Program Files .exe
processid: 2140
processname: eejfh.exe
sha1: fa747cb3f2f187c9b39976983b8bb51e1de9c247
sha256: c5e4ef3e30f10590990f7456baad2ecbd93ed069ae42c68f6283bed1a1053584
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1010/Program Files .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: d5f8d27d5513926fd48cc8bf4ba0d850
name: Program Files (x86) .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\Program Files (x86) .exe
processid: 2140
processname: eejfh.exe
sha1: fc872dc10cefe816f4aab2522244145634ceae8f
sha256: dc42f25feeca63a5306024a0add6affc0c91f95b1eba5a67d0bce98a6e4f97c2
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1011/Program Files (x86) .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 22085fa9d5854f6650a0fc05f834b118
name: ProgramData .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\ProgramData .exe
processid: 2140
processname: eejfh.exe
sha1: eb894ca2482fb4c9a8faffe9eb80f945577bd429
sha256: 169302612d091c894d672817bf16fa0ede61b36e0beab76679acbb0db44ed6ab
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1012/ProgramData .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: a46004136b02353ee600989982681a7f
name: Python27 .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\Python27 .exe
processid: 2140
processname: eejfh.exe
sha1: 66c58aafc3c770d5258cdb0085513e1a1f14a130
sha256: 7d727464661b5368dcf613c9376d973fbcc2d25c8929e39c271dbf62e41468ef
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1013/Python27 .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 57fe907a15ca9613983e0b4d4c7563a6
name: Recovery .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\Recovery .exe
processid: 2140
processname: eejfh.exe
sha1: 7b04ae6f04c24c28fa03493dee48328ebe4dfc5b
sha256: 09df6f379cbdf7f2f9560f0fe70aa99c6504079bd56f2eafb0ab141d15e026dc
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1014/Recovery .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: d3f69ac28af0052c51fb6c59f485b377
name: System Volume Information .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\System Volume Information .exe
processid: 2140
processname: eejfh.exe
sha1: 3b30042659b83042eadb649b34357e48306124d0
sha256: 6b65ec324c98696bfc8637a0acd18a9e782ce4f323220a99f9b4025a8dd259c3
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1015/System Volume Information .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: a520acdb0c0f33f1d753eb333904bec3
name: tjpQDIsKZG .exe
new_size: 405KB (415463bytes)
operation: Modify file
path: C:\tjpQDIsKZG .exe
processid: 2140
processname: eejfh.exe
sha1: 3283705e31d3032664fca5b34c960967cbb515cd
sha256: 69dde47f06e3b461914c07e690713e90d0c2f6d04deef67572a85fb7da9bc8c1
size: 415463
this_path: /data/cuckoo/storage/analyses/4000466/files/1016/tjpQDIsKZG .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

analysis_result: Safe
create: 0
how: write
md5: 573ad7fcbbad476674fb4e5323d31fb0
name: Users .exe
new_size: 187KB (191624bytes)
operation: Modify file
path: C:\Users .exe
processid: 2140
processname: eejfh.exe
sha1: 4c2297e1f6740743b54d733d17c9adc1dc1c6305
sha256: 0533c825931af02407868a23006a1064c13cec4eceaa5df6c979034672165ab7
size: 191624
this_path: /data/cuckoo/storage/analyses/4000466/files/1017/Users .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
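
The dropped files above are marked "Safe" only because no engine signature matched them. Structurally they are anything but: eejfh.exe writes fifteen PE files of exactly 415463 bytes into the drive root, each with a different hash, named after the root-level folders and system files that already exist there ("Program Files .exe", "pagefile.sys .exe") with a space before the extension so a casual glance reads them as the folder. The script below is an added example, not VirSCAN logic: it takes a constructed listing of the drive root modeled on this section (the folder entries are the names the drops imitate; the .exe sizes and MD5s are copied from the records above) and flags both the name masquerade and the same-size, all-different-hash replication cluster.

```python
"""Flag dropped files that imitate sibling folders and same-size replica clusters.

Added example, not VirSCAN's own logic. The listing below is constructed from
the report's Dropped (safe) records: the directories are the ones the .exe
names imitate, the .exe sizes and MD5s come from the report, and None marks
values the report does not give.
"""
import os
from collections import defaultdict

# (name, is_dir, size_bytes, md5)
ROOT_LISTING = [
    ("$Recycle.Bin", True, None, None),
    ("Program Files", True, None, None),
    ("Program Files (x86)", True, None, None),
    ("ProgramData", True, None, None),
    ("Users", True, None, None),
    ("pagefile.sys", False, None, None),
    ("$Recycle.Bin .exe", False, 415463, "d569f14595b0c47d541f490a026b503e"),
    ("Program Files .exe", False, 415463, "eef3c4e7a3a9dfb43c72a25e1c145c95"),
    ("Program Files (x86) .exe", False, 415463, "d5f8d27d5513926fd48cc8bf4ba0d850"),
    ("ProgramData .exe", False, 415463, "22085fa9d5854f6650a0fc05f834b118"),
    ("pagefile.sys .exe", False, 415463, "433e6d5b8ee6caff8713bda25346a1a0"),
    ("EPONWYQERY .exe", False, 415463, "4f7df641324378454e6fba993dda692f"),
    ("Users .exe", False, 191624, "573ad7fcbbad476674fb4e5323d31fb0"),
]


def masquerade_findings(listing):
    """Return {file_name: [reasons]} for .exe files whose name imitates a sibling."""
    dirs = {name for name, is_dir, _, _ in listing if is_dir}
    files = {name for name, is_dir, _, _ in listing if not is_dir}
    findings = {}
    for name, is_dir, _, _ in listing:
        stem, ext = os.path.splitext(name)
        if is_dir or ext.lower() != ".exe":
            continue
        reasons = []
        if stem != stem.rstrip():
            # "Program Files .exe": the space pushes the real extension out of
            # view when Explorer hides extensions or truncates the column
            reasons.append("whitespace before the extension")
        target = stem.rstrip()
        if target in dirs:
            reasons.append(f"imitates folder '{target}'")
        elif target in files:
            reasons.append(f"imitates file '{target}'")
        if reasons:
            findings[name] = reasons
    return findings


def replica_clusters(listing, min_members=3):
    """Group .exe files by exact size and keep groups where every MD5 differs.

    Many files of identical size with pairwise-distinct hashes is the footprint
    of a sample that writes itself out with a small per-copy variation; a
    signature engine that matches none of them still leaves this visible.
    Returns {size: sorted_names}.
    """
    by_size = defaultdict(list)
    for name, is_dir, size, md5 in listing:
        if not is_dir and size is not None and name.lower().endswith(".exe"):
            by_size[size].append((name, md5))
    clusters = {}
    for size, members in by_size.items():
        hashes = [md5 for _, md5 in members]
        if len(members) >= min_members and len(set(hashes)) == len(hashes):
            clusters[size] = sorted(name for name, _ in members)
    return clusters


if __name__ == "__main__":
    for name, reasons in masquerade_findings(ROOT_LISTING).items():
        print(repr(name), "->", "; ".join(reasons))
    for size, names in replica_clusters(ROOT_LISTING).items():
        print(f"{len(names)} files of {size} bytes, all hashes distinct:", names)
```

On a live host the listing comes from a directory walk of the volume root (and of any folder the sample had write access to); the check is cheap enough to run across a fleet, and the replica cluster is the more robust of the two signals because it does not depend on which names the sample happened to borrow.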

Dropped (unsafe)

analysis_result: Trojan.Win32.Agent.nezvfi
create: 0
how: write
md5: 647c19c7fedf9d04a789fe7596d7837d
name: eejfh.exe
new_size: 255KB (261640bytes)
operation: Modify file
path: C:\ProgramData\eejfh.exe
processid: 912
processname: 1621089032047_946bda966c566da97625d756d1981480.exe
sha1: a8df1ab5a64108fac5eed6c8ee3863159a1952b1
sha256: 2803aeeafbf30c354d7154ffbe3cf7934726c05e3b3e0caf02648485460f781f
size: 261640
this_path: /data/cuckoo/storage/analyses/4000466/files/1000/eejfh.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Malicious

attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware changes memory page protection so that it can decrypt and execute code in memory
num: 3
process_id: 912
process_name: 1621089032047_946bda966c566da97625d756d1981480.exe
rulename: Set memory region to readable, writable and executable (RWX)

attck_tactics: Discovery (basic information gathering)
level: 1
matchedinfo: Enumerates files to locate specific target files
num: 30
process_id: 912
process_name: 1621089032047_946bda966c566da97625d756d1981480.exe
rulename: File enumeration

attck_tactics: Defense evasion
level: 2
matchedinfo: Tampers with the "show hidden files" setting in order to keep files hidden
num: 180
process_id: 912
process_name: 1621089032047_946bda966c566da97625d756d1981480.exe
rulename: Query hidden-file display setting

attck_tactics: Persistence
level: 2
matchedinfo: The malware modifies the registry so that it starts with the system, in order to retain control of or remain resident on the host
num: 8
process_id: 2140
process_name: eejfh.exe
rulename: Write autostart registry key (add autostart 2)

attck_tactics: Discovery (basic information gathering)
level: 1
matchedinfo: Enumerates files to locate specific target files
num: 18
process_id: 2140
process_name: eejfh.exe
rulename: File enumeration