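VirSCAN

1. You can upload any file, but the file size must not exceed 20 MB.
2. We support automatic decompression of RAR or ZIP archives, but an archive must not contain more than 20 files.
3. We can recognize and scan archives protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download Virscan Uploader to upload them.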

Basic information

File name: 00隐杀
File size: 420651
File type: application/x-dosexec
MD5: d6df650c8663366b66f2792f37882ae6
sha1: 86b5d2d6defa3403c7ca67404e3ac746672d315b

 CreateProcess

ApplicationName: C:\ProgramData\vujce.exe
CmdLine:
childid: 2296
childname: vujce.exe
childpath: C:\ProgramData\vujce.exe
drop_type: 1
name: 1621227648302_d6df650c8663366b66f2792f37882ae6.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1621227648302_d6df650c8663366b66f2792f37882ae6.exe
pid: 840
ApplicationName:
CmdLine:
childid: 840
childname: 1621227648302_d6df650c8663366b66f2792f37882ae6.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1621227648302_d6df650c8663366b66f2792f37882ae6.exe
drop_type:
name:
noNeedLine:
path:
pid: 240

 Summary

buffer: C:\ProgramData\vujce.exe
processid: 2296
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft® Windows® Operating System

 Dropped_Save

analysis_result: safe
create: 0
how: write
md5: a52d6cb53c4c31e9f5ad53a356adf9dd
name: Mira.h
new_size: 150KB (153811bytes)
operation: modify file
path: C:\ProgramData\Saaaalamm\Mira.h
processid: 840
processname: 1621227648302_d6df650c8663366b66f2792f37882ae6.exe
sha1: 4e9b2d208dc3c3a6e23decb0a7d7381c73f7b101
sha256: f6bc441488529eadccfef115d11fa10c5cb8cb125b6c08c52a2bbc144bd4f7d8
size: 153811
this_path: /data/cuckoo/storage/analyses/785/files/1001/Mira.h
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: 62c6792e4322efd3de27483f21aa67b1
name: $Recycle.Bin .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\$Recycle.Bin .exe
processid: 2296
processname: vujce.exe
sha1: 48d9407b35f7d5bb4aee1d224f9d43ea650f8ebb
sha256: e35df7990fae77f31d28218473971b414cae1c0ba12e8c17190ff098f2e73b01
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1002/$Recycle.Bin .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: ef3c2efe5c9c9bb600892a5ab34ce91f
name: Documents and Settings .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\Documents and Settings .exe
processid: 2296
processname: vujce.exe
sha1: 3b1201d7c567e6743415690f2154b238d29a09fd
sha256: c3a4a180be6f8779e03f5b898fb4bd64f05537aa2bda65c82f1911024d0a72ec
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1003/Documents and Settings .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: c2347e5bffadc798b5feb80e40b4c6b7
name: mnlsx .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\mnlsx .exe
processid: 2296
processname: vujce.exe
sha1: 6c8a4924ea5fa554f5c57ff68a6ba544491070f5
sha256: 06896651156032b4bece8cc95da676dc26e72ba4f24bedf0bed40aec9ff5ae7f
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1004/mnlsx .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: 0d651dd62442fa4627417457299f2442
name: MSOCache .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\MSOCache .exe
processid: 2296
processname: vujce.exe
sha1: 36d8929948f06069094b41ef208acbe1574c2e5a
sha256: d36a01383350e44124b260f17f40186a39e77b89c08e91c25107415615e0b42f
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1005/MSOCache .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: 9b2e7438efe795b690532e182be91ce4
name: pagefile.sys .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\pagefile.sys .exe
processid: 2296
processname: vujce.exe
sha1: 51fef33a9466a43c297dcdd5f67b9544a23536a8
sha256: 12055b124815f3e4d3485fbaf531db7fccc871e2f93d91326369b5cdaffed335
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1006/pagefile.sys .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: 12a14ab924300ab9e72a48881f852f0f
name: PerfLogs .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\PerfLogs .exe
processid: 2296
processname: vujce.exe
sha1: 1f1c2f4b803dde591451927f1158e8f0bbd9bf40
sha256: 2a05dde0984c634b3df23c62cfca1f396f07fbb1fcf4ddf59fc84afcb0b9041d
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1007/PerfLogs .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: e10fe1956157be6b73d3aa42571e5735
name: Program Files .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\Program Files .exe
processid: 2296
processname: vujce.exe
sha1: 5fc7db33ef47677737762d1293c165501e575fc6
sha256: 86e8821f78b290052fae26ff6c80a6f5095fc4423f909797cacc9bc56eac695f
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1008/Program Files .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: 6fc00aaeb92619ff7168c702cbeeeec8
name: Program Files (x86) .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\Program Files (x86) .exe
processid: 2296
processname: vujce.exe
sha1: e1886b203684447041032b1cfbed7e233bf08dd0
sha256: c10dc352eae4617ec06bbde1986239e908a2a367d64578aca69d303f5e497637
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1009/Program Files (x86) .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: fa10167aae96c59959272b3dded443b1
name: ProgramData .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\ProgramData .exe
processid: 2296
processname: vujce.exe
sha1: f076216568c960cdf5eca70d89efd3e6b46e7e05
sha256: f0861b90d76a42fba73d06482077117fccf3c3e4568335ee95b3839a84935db5
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1010/ProgramData .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: 5cfb088c108bc3a35f7bc68a9ca79f1e
name: Python27 .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\Python27 .exe
processid: 2296
processname: vujce.exe
sha1: e29e6dbdf38365d97b096f32c448c84fe1fa5e1a
sha256: 2741a20148389b89bdbdbba998b77922d6be2ab3842cb382957c19ffe876fd4c
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1011/Python27 .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: 0b666e6f00d165452663250d2fa7defa
name: Recovery .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\Recovery .exe
processid: 2296
processname: vujce.exe
sha1: 1be994f9353a8c8b9ddf017f0fca99c7dec0a711
sha256: e9f16dd63c28ac577917bc9f6f536a8450b19052f85ff0cd1442845c485b2676
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1012/Recovery .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: 55e8fcee77858f0a71e06bd25b28aa57
name: SFTIKAFKJFC .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\SFTIKAFKJFC .exe
processid: 2296
processname: vujce.exe
sha1: e61f25eaffc5e67c9c4f42ff22815c0ce2a80c3c
sha256: 0959ee1318c8e36ee887f34c2fd8b2e44ac154dbad72b8bf904617f1f0c39942
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1013/SFTIKAFKJFC .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: 04ca0e2f21601c832217851e5d7f006b
name: SVLkboGzIN .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\SVLkboGzIN .exe
processid: 2296
processname: vujce.exe
sha1: e0756a6f1f677c90fce58f9fe78157c957ed26d9
sha256: 5643d7950c709ab370caaeef504f485449739492874911544ae68d9305be7e29
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1014/SVLkboGzIN .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: d52b887f820999dbf9445614cd0abe39
name: System Volume Information .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\System Volume Information .exe
processid: 2296
processname: vujce.exe
sha1: 5832f7201c8b2f917494172db7ea4af64027c0df
sha256: bd5d32c6cbf24ab0d386c798bb964c38d6cd25e8f2358160fa82900442ab3052
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1015/System Volume Information .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: 69fcfaf2315ad40bcefca1f3a2baf559
name: Users .exe
new_size: 410KB (420653bytes)
operation: modify file
path: C:\Users .exe
processid: 2296
processname: vujce.exe
sha1: 08fad3bc8493566f534a42d5a2174d72baa70c96
sha256: 58da43a75632c14079f635825c4d0896f6b958af4a047288074895d6318ffec1
size: 420653
this_path: /data/cuckoo/storage/analyses/785/files/1016/Users .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: safe
create: 0
how: write
md5: 126530a6085fc57e2a9c70328313a515
name: Windows .exe
new_size: 129KB (132860bytes)
operation: modify file
path: C:\Windows .exe
processid: 2296
processname: vujce.exe
sha1: bf68e9676510f6569c6fcd2e72bf728b0a675d99
sha256: 623c65506f13353bca1054bf5df8dee369b3ac0f45b2cbba07e288a3d262b3a8
size: 132860
this_path: /data/cuckoo/storage/analyses/785/files/1017/Windows .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

 Dropped Unsave

analysis_result: Trojan.Win32.Agent.nezvfi
create: 0
how: write
md5: b1b6fe4713c67080ad00a4e3439e4fd5
name: vujce.exe
new_size: 260KB (266830bytes)
operation: modify file
path: C:\ProgramData\vujce.exe
processid: 840
processname: 1621227648302_d6df650c8663366b66f2792f37882ae6.exe
sha1: 70c5846afd74b5dd1a96eb53a0cc763e93088d51
sha256: 1f8d0ccda7d6eaf599290bdd2572ba809b54f7e962819e0f9f888fe8e3624363
size: 266830
this_path: /data/cuckoo/storage/analyses/785/files/1000/vujce.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

 Malicious

attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware modifies memory attributes in order to decrypt and execute malicious code in memory
num: 3
process_id: 840
process_name: 1621227648302_d6df650c8663366b66f2792f37882ae6.exe
rulename: Change memory address to readable, writable and executable
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by traversing files
num: 30
process_id: 840
process_name: 1621227648302_d6df650c8663366b66f2792f37882ae6.exe
rulename: Traverse files
attck_tactics: Defense evasion
level: 2
matchedinfo: Hides files by modifying the setting for viewing hidden files
num: 180
process_id: 840
process_name: 1621227648302_d6df650c8663366b66f2792f37882ae6.exe
rulename: Get hidden-file settings
attck_tactics: Persistence
level: 2
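matchedinfo: The malicious program modifies the registry so that it starts automatically with the system, in order to achieve long-term control of or residence on the system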
num: 8
process_id: 2296
process_name: vujce.exe
rulename: Write autostart registry entry, add autostart 2
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by traversing files
num: 18
process_id: 2296
process_name: vujce.exe
rulename: Traverse files