VirSCAN

核武器CC攻击器-穿盾版.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:核武器CC攻击器-穿盾版.exe
file type:EXE x86
Submission time:2019-01-12 23:02:02
Threat level:malicious
MD5:6e1ed17c9e7e7e90f83d776ed6b4ed3e
sha256:ccd7c1259345770770369ee51cd8716257bd612eea82ed8e28395db2fc3634af
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
Document release report
File release report not detected
File process number report
Process details:0
Document behavior signature report
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Low risk behavior
System Environment Detection:Reads the active computer name
Suspicious behavior
System Sensitive Operations:Contains functionality to enum processes or threads
Suspicious behavior
Information gathering:Contains functionality to retrieve information about pressed keystrokes
Suspicious behavior
Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
Suspicious behavior
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
Suspicious behavior
Reverse Engineering:The executable is likely packed with VMProtect
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R-E
Section name:.rdata
Virtual address:0x000b3000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R--
Section name:.data
Virtual address:0x000ee000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.vmp0
Virtual address:0x0012a000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RWE
Section name:.vmp1
Virtual address:0x00210000
Physical address:0x00001000
Physical size:0x00176000
Section permissions:RWE
Section name:.rsrc
Virtual address:0x00386000
Physical address:0x00177000
Physical size:0x00002000
Section permissions:R--
PE basic information
import_hash:577c2f8e43bf7789477332cb5421caf5
time_stamp:2015-08-10 13:49:06
entry_point_section:.vmp1
image_base:0x400000
entry_point:0x249315
PE resource information
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x003861c4
size:0x000002e8
name:RT_ICON
language:LANG_CHINESE
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x003864ac
size:0x00000128
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x003865d4
size:0x000010a8
name:RT_GROUP_ICON
language:LANG_NEUTRAL
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_NEUTRAL
offset:0x0038767c
size:0x00000014
name:RT_GROUP_ICON
language:LANG_CHINESE
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00387690
size:0x00000014
name:RT_GROUP_ICON
language:LANG_CHINESE
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x003876a4
size:0x00000014
name:RT_VERSION
language:LANG_CHINESE
filetype:COM executable for DOS
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x003876b8
size:0x000002b8