VirSCAN

6b05900ee9712db9842e22c6e68d460d    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:6b05900ee9712db9842e22c6e68d460d
file type:EXEx86
Submission time:2019-02-13 01:04:39
Threat level:malicious
MD5:6b05900ee9712db9842e22c6e68d460d
sha256:3b1ad4cd0833eaf9dee37ea6a8942ad760bd904d0c246dd9ac336f8a8847e54c
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
hosts:4
hosts:2
Document release report
file name:xbox.info.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170931
MD5:4074b70d0a5ca547a8f32be4e686e006
file name:winzip 8.0 + serial.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170970
MD5:bfb5de83911f3b797e7095879e98529a
file name:quake 4 beta.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170864
MD5:b923c738b8043443acc30aab3c033c46
file name:macromedia flash 5.0 full downloader.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170849
MD5:5b74b78b8d2b425cec74809582360b3b
file name:gladiator fulldownloader.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170765
MD5:0df33b6c938302e3fea4d8497283cff7
file name:cky3 - bam margera world industries alien workshop full downloader.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170841
MD5:2726115474843dc9b7863c49b21e4aa5
file name:warcraft 3 online key generator.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170973
MD5:952ee9b1a64d5ee5910257d746d82202
file name:battle.net key generator (works!!).exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170979
MD5:eb73cc45be0dd5c05b021af99eaa5ee6
file name:warcraft 3 battle.net serial generator.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170565
MD5:ec58566af9df35b8e03fe441e73d9f4a
file name:how to hack websites.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170725
MD5:0cd5c8eba00a3bb550d6e3df72c0f56c
file name:shakira fulldownloader.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170687
MD5:ae17948ed76c97b7d46c104838d46d0f
file name:[divx] lord of the rings full downloader.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170628
MD5:6f8f4c761bb688cd84309fcf03aa7ff7
file name:macromedia key generator (all products).exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170600
MD5:4f4f03d50352a8b8c24c027b41c038a4
file name:windows xp full downloader.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170774
MD5:a903c2da853446602ced85ad162d0bb9
file name:cat attacks child full downloader.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170984
MD5:86dc8a84fceca03b9b03c5473fa467eb
file name:winrar + crack.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170874
MD5:70984a401a6bc5f188d04e818f3c0a67
file name:aim account stealer downloader.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:171001
MD5:739ec12e851953fe3f4de72220ac3c80
file name:key generator for all windows xp versions.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170780
MD5:3951044bdeb1e5a80801091c641e8d2d
file name:sims fulldownloader.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170921
MD5:74db65f69a13d360ccc606e1d025c548
file name:windows xp key generator.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170699
MD5:a61c3f24dba5d6ea93fcf1aa739970a2
file name:britney spears nude.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:170727
MD5:e99f444c6c672701fabadecf6e47fc7e
File process number report
Process details:0
        
Document behavior signature report
Suspicious behavior
System Sensitive Operations:Copy itself to other directories
Suspicious behavior
System Sensitive Operations:Creates executable files on the filesystem
Suspicious behavior
Reverse Engineering:The executable is compressed using UPX
High-risk behavior
General behavior:Creates a slightly modified copy of itself
Static information
PE section table information
Section name:UPX0
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x00018000
Section permissions:RWE
Section name:UPX1
Virtual address:0x00019000
Physical address:0x00018400
Physical size:0x0000d600
Section permissions:RWE
Section name:.rsrc
Virtual address:0x00027000
Physical address:0x00025a00
Physical size:0x00001400
Section permissions:RWE
Section name:.imports
Virtual address:0x00029000
Physical address:0x00026e00
Physical size:0x00000a00
Section permissions:RW-
PE basic information
import_hash:8eb90f63ff7fc0bd388dac1d27b3afce
time_stamp:1992-06-20 06:22:17
entry_point_section:UPX1
image_base:0x400000
entry_point:0x1afd4
PE resource information
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00023218
size:0x000002ac
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x000234c4
size:0x00000360
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00023824
size:0x000000f4
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00023918
size:0x000000c4
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x000239dc
size:0x000002e0
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00023cbc
size:0x0000035c
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00024018
size:0x000002b4
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:Sendmail frozen configuration
sublanguage:SUBLANG_NEUTRAL
offset:0x000242cc
size:0x00000010
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x000242dc
size:0x000000b4

Translated by Keith Miller, United States