VirSCAN

1. You can upload any file, but the file size must not exceed 20 MB.
2. We support automatic extraction of RAR and ZIP archives, but an archive must not contain more than 20 files.
3. We can recognize and scan archives protected with the password 'infected' or 'virus'.
4. If your browser cannot upload the file, please download the Virscan Uploader and upload with it.

Basic information

File name: 00应援
File size: 420647
File type: application/x-dosexec
MD5: 8470ab77576a637c931652c7905f3056
sha1: 232699c8c5270019accbf01f186756ac9506275e

 CreateProcess

ApplicationName: C:\ProgramData\staogc.exe
CmdLine:
childid: 812
childname: staogc.exe
childpath: C:\ProgramData\staogc.exe
drop_type: 1
name: 1621092613014_8470ab77576a637c931652c7905f3056.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1621092613014_8470ab77576a637c931652c7905f3056.exe
pid: 2792
ApplicationName:
CmdLine:
childid: 2792
childname: 1621092613014_8470ab77576a637c931652c7905f3056.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1621092613014_8470ab77576a637c931652c7905f3056.exe
drop_type:
name:
noNeedLine:
path:
pid: 268

 Summary

buffer: C:\ProgramData\staogc.exe
processid: 812
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft® Windows® Operating System

 Dropped_Save

analysis_result: Safe
create: 0
how: write
md5: a52d6cb53c4c31e9f5ad53a356adf9dd
name: Mira.h
new_size: 150KB (153811bytes)
operation: Modify file
path: C:\ProgramData\Saaaalamm\Mira.h
processid: 2792
processname: 1621092613014_8470ab77576a637c931652c7905f3056.exe
sha1: 4e9b2d208dc3c3a6e23decb0a7d7381c73f7b101
sha256: f6bc441488529eadccfef115d11fa10c5cb8cb125b6c08c52a2bbc144bd4f7d8
size: 153811
this_path: /data/cuckoo/storage/analyses/5000468/files/1001/Mira.h
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: ec288eb6de0b96a114cc683e2beb600e
name: $Recycle.Bin .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\$Recycle.Bin .exe
processid: 812
processname: staogc.exe
sha1: 090a551acb9d25940261c6f24f35f46bc7641bf4
sha256: 5b81fa62b399c586922333e4c7a7dfea97e2a0b565e894350ff55756ca63ed87
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1002/$Recycle.Bin .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 3afae1a514b82c42e68ca55db9f90f08
name: AiFUjKn .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\AiFUjKn .exe
processid: 812
processname: staogc.exe
sha1: 87837a470147f0f5753384d6742423b6ebaebfd6
sha256: 0d2f35d4982db1aa2b21322e9f057f8877bb3015afe442c62b83be824fea0629
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1003/AiFUjKn .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 83760f4a1c7a91f91e63ef279f86c2e1
name: Documents and Settings .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\Documents and Settings .exe
processid: 812
processname: staogc.exe
sha1: e144291bb5d32aad7eaa1dfa68c37d74b8184518
sha256: 00ea32c10c97f468b351899b5598c1072f592d7bf9b5bb89c710e2084b504139
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1004/Documents and Settings .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 41d9f4b7b5b1f77cb8b87bb31d5d136f
name: mnlsx .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\mnlsx .exe
processid: 812
processname: staogc.exe
sha1: bb0c8d163108f44810d91c534a0653fff737a43e
sha256: cc5f8a7b58fb3722afd7a90d63c139c850f48d263571b97c2889424868cd8255
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1005/mnlsx .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: ab571898d7dc6f5a6bb8240677f0ec6a
name: MSOCache .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\MSOCache .exe
processid: 812
processname: staogc.exe
sha1: 4f669ae31a202ca4f5755046c783b2b08cab72c7
sha256: 7d2da0be368bc410667f9cf04b6e8b36ff9c9c68e64cfe9054802d7afa23f004
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1006/MSOCache .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 8d773c62434adf1d345d6250d50b8fad
name: oYaGvxHTn .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\oYaGvxHTn .exe
processid: 812
processname: staogc.exe
sha1: 0aa4aa68d580a12ad9bea03ce85141665f0e96cb
sha256: 875ae3b44a8a9181b478f6a00f2dd6d9a1832bedadab0889bc96d783325b7fea
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1007/oYaGvxHTn .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: f767d9a2828bf4ee497f909e78377827
name: OZZJDMNMNHD .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\OZZJDMNMNHD .exe
processid: 812
processname: staogc.exe
sha1: 4c9491da4b1ad49334a61afd9e321651763d3384
sha256: 8dba375ecfc571faf2ba7f88128b936c1ef47e97a35c42bc026fd6d9fb68dc7c
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1008/OZZJDMNMNHD .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 06ca479fc1f83d3bee2739a172905462
name: pagefile.sys .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\pagefile.sys .exe
processid: 812
processname: staogc.exe
sha1: 9f801ea16df6aa9119ddb7a0d7b316a187995fa3
sha256: ac00f6096427776a23ee76337928a19cf721323a1167030c19c812438de7d159
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1009/pagefile.sys .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 3d65e2422531f86e2cb445bc30a42887
name: PerfLogs .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\PerfLogs .exe
processid: 812
processname: staogc.exe
sha1: 3e7d9705703806942340e667dde04f1d0934ccfa
sha256: 236747d3dbbede949d36effc222ed6159ef11be8a4ecdd3e7e5c752e51cd7b24
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1010/PerfLogs .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 112e33a5df8f9205c1019ea5e6cdf400
name: Program Files .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\Program Files .exe
processid: 812
processname: staogc.exe
sha1: 9eb0554ec53ec3b7f7dfd5e9365cef39ecd15ee9
sha256: fde4c9310f8e23ebc189c3f7b6d3952d43a5040db5fe0648b9385e444f4ec3cb
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1011/Program Files .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: e277b1dac5c26fda7b5f26a3d98325ce
name: Program Files (x86) .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\Program Files (x86) .exe
processid: 812
processname: staogc.exe
sha1: 28532724e6f1188dcb35c2dfc128aa21b41eb3b4
sha256: 26da96081946755c5d74e71df2ec1d36350f01b7218d35f498acb147dfc513a5
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1012/Program Files (x86) .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: f80636c59cddc85356f0c319cc3d728c
name: ProgramData .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\ProgramData .exe
processid: 812
processname: staogc.exe
sha1: 72c822308d043a4e40cbf9a5681b5f789f962a05
sha256: 39f4e48ef3f993a7cdb29e29cc1d4920286d9097e5923a38118cad57fcb39898
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1013/ProgramData .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: d05d4f1ff14bb86265c8a236d0df056f
name: Python27 .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\Python27 .exe
processid: 812
processname: staogc.exe
sha1: 4f805435821c975be28fd01a8d27d2f35c606fcf
sha256: 84ee8d4ef2b28ba6cec7e05b9ebdf7359af22818de0c49d6516fffd580404590
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1014/Python27 .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: c2e233dd98e0659c3ed262aedccb3bf9
name: Recovery .exe
new_size: 410KB (420649bytes)
operation: Modify file
path: C:\Recovery .exe
processid: 812
processname: staogc.exe
sha1: c91ea65a31b356c848b5dbed26a7e0526c411e56
sha256: 8edb1bccc86ba6706fc1ac1943a294d9cb90a1424b7091ec566e5119ad66ff3e
size: 420649
this_path: /data/cuckoo/storage/analyses/5000468/files/1015/Recovery .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 17292d504b6acb14df85c5a2910ec543
name: System Volume Information .exe
new_size: 274KB (281561bytes)
operation: Modify file
path: C:\System Volume Information .exe
processid: 812
processname: staogc.exe
sha1: 0cb9aab44463b4a54bcd5846228e4f9ed7540151
sha256: 9cd0aa69966fc2f02508ae346bb7e6da77723b1b2d614aced9e259618b1acdd0
size: 281561
this_path: /data/cuckoo/storage/analyses/5000468/files/1016/System Volume Information .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

 Dropped Unsave

analysis_result: Trojan.Win32.Agent.nezvfi
create: 0
how: write
md5: c837fcd19bc8e50967a2bd0c3934b569
name: staogc.exe
new_size: 260KB (266826bytes)
operation: Modify file
path: C:\ProgramData\staogc.exe
processid: 2792
processname: 1621092613014_8470ab77576a637c931652c7905f3056.exe
sha1: 6c9d7dc3aea3ea7e54a2b8c88942ede8b567b23f
sha256: d00b8451b5d1576126bfbc576b4a441ea2c12b61586fadb9f3267354e34ab7f4
size: 266826
this_path: /data/cuckoo/storage/analyses/5000468/files/1000/staogc.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

 Malicious

attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware modifies memory protection attributes in order to decrypt and execute malicious code in memory
num: 3
process_id: 2792
process_name: 1621092613014_8470ab77576a637c931652c7905f3056.exe
rulename: Set memory region to readable, writable and executable
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 30
process_id: 2792
process_name: 1621092613014_8470ab77576a637c931652c7905f3056.exe
rulename: Enumerate files
attck_tactics: Defense evasion
level: 2
matchedinfo: Modifies the "show hidden files" setting in order to hide files
num: 180
process_id: 2792
process_name: 1621092613014_8470ab77576a637c931652c7905f3056.exe
rulename: Query hidden-file setting
attck_tactics: Persistence
level: 2
matchedinfo: The malicious program modifies the registry so that it starts automatically with the system, in order to maintain long-term control of or residence on the system
num: 8
process_id: 812
process_name: staogc.exe
rulename: Write autostart registry key, adding autostart entry 2
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 18
process_id: 812
process_name: staogc.exe
rulename: Enumerate files