Threatbook file behavior analysis report for 5349a77417d8c4de4bb7cd4e51aa24a0
Virscan.org multi-engine scan report

Basic Information
file name: 5349a77417d8c4de4bb7cd4e51aa24a0
file type: EXE x86
Submission time: 2019-03-16 01:03:26
Threat level: malicious
MD5: 5349a77417d8c4de4bb7cd4e51aa24a0
SHA256: dd10507f8bb96aa5696d29d8078462d2da930c54ebae626cff167c90178c8fa5
Document Threat Intelligence IOC Report
No intelligence IOC detected

Intelligence verdict system
Not detected by the intelligence verdict system
Network behavior report
domains:
- domain: t.nodsafe.com, ip: (none recorded)
- domain: xytets.com, ip: (none recorded)
dns:
- type: A, request: t.nodsafe.com
- type: A, request: xytets.com
other traffic counters: http: 0, udp: 0, smtp: 0, icmp: 0, irc: 0, hosts: 0
Dropped file report

file name: CreateProcess.exe
file type: PE32 executable (GUI) Intel 80386, for MS Windows
file size: 3584 bytes
MD5: bd806ec191d5bad1161bff2eec4401a2

file name: xrpjhbzurmkecxup.exe
file type: PE32 executable (GUI) Intel 80386, for MS Windows
file size: 369664 bytes
MD5: 240e8a7d3815844970ba00ab12f9aa66

file name: hezxrpjhcz.exe
file type: PE32 executable (GUI) Intel 80386, for MS Windows
file size: 369664 bytes
MD5: bb788fd835144659f65eda434808cc06

file name: xrpjhbzurmkecxup.sys
file type: PE32 executable (native) Intel 80386, for MS Windows
file size: 300544 bytes
MD5: 746fe093bf2ed2664d8e53dbf85fb2e6

file name: dw.ini
file type: data
file size: 2242 bytes
MD5: e4e9227b9994783652572c4e59e097e9

file name: {68263A97-47CA-11E9-8289-5254008C08A1}.dat
file type: Composite Document File V2 Document, No summary info
file size: 4608 bytes
MD5: ad5dae89abe106425df87b08aae2850c

file name: RecoveryStore.{68263A95-47CA-11E9-8289-5254008C08A1}.dat
file type: Composite Document File V2 Document, No summary info
file size: 5632 bytes
MD5: b2dc6ede77816c888ffbd4ecf7df9e3f

file name: search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
file type: PNG image data, 16 x 16, 4-bit colormap, non-interlaced
file size: 237 bytes
MD5: 9fb559a691078558e77d6848202f6541

file name: errorPageStrings[1]
file type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
file size: 2949 bytes
MD5: e3e4a98353f119b80b323302f26b78fa

file name: httpErrorPagesScripts[1]
file type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
file size: 8714 bytes
MD5: 3f57b781cb3ef114dd0b665151571b7b

file name: i_hezxrpjhcz.exe
file type: PE32 executable (GUI) Intel 80386, for MS Windows
file size: 369664 bytes
MD5: b5b3ce577280e9b4c362d82f79dbf4c3

file name: {68263a97-47ca-11e9-8289-5254008c08a1}.dat
file type: Composite Document File V2 Document, No summary info
file size: 4096 bytes
MD5: b1d5d531cf8743cd184d5b1bfd9ee64b

file name: dnserror[1]
file type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
file size: 1857 bytes
MD5: 73c70b34b5f8f158d38a94b9d7766515

file name: newerrorpagetemplate[2]
file type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
file size: 1310 bytes
MD5: cdf81e591d9cbfb47a7f97a2bcdb70b9
File process report
Process details: 8 processes were analyzed
Document behavior signature report

Low risk behavior:
- General behavior: Read or write ini files
- General behavior: Creates a writable file in a temporary directory
- System Sensitive Operations: Creates executable files on the filesystem
- General behavior: Contains ability to find and load resources of a specific module
- System Environment Detection: Contains functionality to query system information
- General behavior: This executable has a PDB path
- Static File Characteristics: Found potential IP address or url in binary/memory
- Information gathering: Queries the internet cache settings (often used to hide footprints in index.dat or internet cache)
- System Environment Detection: Reads the active computer name
- System Environment Detection: Searches for the Microsoft Outlook file path

Suspicious behavior:
- Anti-detection Technology: Checks whether any human activity is being performed by constantly checking whether the foreground window changed
- Reverse Engineering: A process attempted to delay the analysis task.
- Anti-detection Technology: Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
- Reverse Engineering: Checks if process is being debugged by a debugger
- General behavior: Creates driver files
- System Sensitive Operations: Contains functionality to enum processes or threads
- Information gathering: Contains functionality to retrieve information about pressed keystrokes
- Static File Characteristics: YARA signature match
- System Sensitive Operations: May modify the system service descriptor table (often done to hook functions)
- (no description given)
- System Sensitive Operations: Modify internet zones
- System Sensitive Operations: Modifies proxy settings
- Anti-detection Technology: Checks adapter addresses which can be used to detect virtual network interfaces
- System Sensitive Operations: Checks for the Locally Unique Identifier on the system for a suspicious privilege
- System Environment Detection: Repeatedly searches for a not-found process, you may want to run a web browser during analysis
- Information gathering: Queries sensitive IE security settings
- System Environment Detection: Scans for the windows taskbar (often used for explorer injection)
- Information gathering: Steals Internet Explorer cookies

High risk behavior:
- (no description given)
- General behavior: Creates a slightly modified copy of itself
- General behavior: Expresses interest in specific running processes
Static information

PE sections:
Section name: .text, Virtual address: 0x00001000, Physical address: 0x00000400, Physical size: 0x00008200, Section permissions: R-E
Section name: .rdata, Virtual address: 0x0000a000, Physical address: 0x00008600, Physical size: 0x00002800, Section permissions: R--
Section name: .data, Virtual address: 0x0000d000, Physical address: 0x0000ae00, Physical size: 0x0004ba00, Section permissions: RW-
Section name: .rsrc, Virtual address: 0x0005a000, Physical address: 0x00056800, Physical size: 0x00002a00, Section permissions: R--
Section name: .reloc, Virtual address: 0x0005d000, Physical address: 0x00059200, Physical size: 0x00001200, Section permissions: R--

import_hash: 52a948b5de7cc38ae8e6110ce48389ff
time_stamp: 2012-07-12 10:56:49
entry_point_section: .text
image_base: 0x400000
entry_point: 0x323f

Resources:
name: RT_ICON, language: LANG_CHINESE, sublanguage: SUBLANG_CHINESE_SIMPLIFIED, filetype: data, offset: 0x0005a208, size: 0x00000ea8
name: RT_ICON, language: LANG_CHINESE, sublanguage: SUBLANG_CHINESE_SIMPLIFIED, filetype: data, offset: 0x0005b0b0, size: 0x000008a8
name: RT_ICON, language: LANG_CHINESE, sublanguage: SUBLANG_CHINESE_SIMPLIFIED, filetype: GLS_BINARY_LSB_FIRST, offset: 0x0005b958, size: 0x00000568
name: RT_ICON, language: LANG_CHINESE, sublanguage: SUBLANG_CHINESE_SIMPLIFIED, filetype: data, offset: 0x0005bec0, size: 0x0000052c
name: RT_DIALOG, language: LANG_CHINESE, sublanguage: SUBLANG_CHINESE_SIMPLIFIED, filetype: data, offset: 0x0005c3ec, size: 0x00000094
name: RT_GROUP_ICON, language: LANG_CHINESE, sublanguage: SUBLANG_CHINESE_SIMPLIFIED, filetype: MS Windows icon resource - 4 icons, 48x48, 256-colors, offset: 0x0005c480, size: 0x0000003e
name: RT_VERSION, language: LANG_CHINESE, sublanguage: SUBLANG_CHINESE_SIMPLIFIED, filetype: data, offset: 0x0005c4c0, size: 0x000002cc
name: RT_MANIFEST, language: LANG_ENGLISH, sublanguage: SUBLANG_ENGLISH_US, filetype: ASCII text, with CRLF line terminators, offset: 0x0005c78c, size: 0x0000015a
