神途玉兔.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:神途玉兔.exe
file type:EXE x86
Submission time:2018-12-27 00:00:17
Threat level:malicious
MD5:3182965d57d64e593229f188dc18f35b
sha256:919f9818de7490ab464bb19d4065ad31654b99ec9356b1b5c73e0e09ba21eb49
File threat intelligence IOC report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
Dropped files report
file name:919f9818de7490ab464bb19d4065ad31654b99ec9356b1b5c73e0e09ba21eb49.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:5884912
MD5:3182965d57d64e593229f188dc18f35b
file name:LoginTemp.ini
file type:ASCII text, with CRLF line terminators
file size:30
MD5:9b2456363290ba7d3b58b22d66ce6a18
file name:gameofmir.bat
file type:ASCII text, with CRLF line terminators
file size:340
MD5:a1aa18aef9c4050bef467d26b3eee78a
file name:gameofmir.bat
file type:ASCII text, with CRLF line terminators
file size:277
MD5:f9c3260a78c7d1b37e443a7c2d1824d6
file name:gamelogin_debug.txt
file type:ISO-8859 text, with CRLF line terminators
file size:114
MD5:3127996c27f4194d69862e1074568387
file name:神途玉兔.lnk
file type:MS Windows shortcut
file size:762
MD5:a5fe2b3925cba5239100a1fbf009b09f
file name:gamelogin_debug.txt
file type:ISO-8859 text, with CRLF line terminators
file size:258
MD5:1e1d4b6bbd0aa8d0c23031d8eff6772c
File process number report
Process details:0
File behavior signature report
Static information
PE section table information
Section name:CODE
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x0006a000
Section permissions:RW-
Section name:DATA
Virtual address:0x00117000
Physical address:0x0006a400
Physical size:0x00007600
Section permissions:RW-
Section name:BSS
Virtual address:0x00128000
Physical address:0x00071a00
Physical size:0x00000000
Section permissions:RW-
Section name:.idata
Virtual address:0x0012e000
Physical address:0x00071a00
Physical size:0x00001200
Section permissions:RW-
Section name:.tls
Virtual address:0x00131000
Physical address:0x00072c00
Physical size:0x00000000
Section permissions:RW-
Section name:.rdata
Virtual address:0x00132000
Physical address:0x00072c00
Physical size:0x00000200
Section permissions:RW-
Section name:.reloc
Virtual address:0x00133000
Physical address:0x00072e00
Physical size:0x00000000
Section permissions:RW-
Section name:.rsrc
Virtual address:0x00146000
Physical address:0x00072e00
Physical size:0x001a4c00
Section permissions:RW-
Section name:.aspack
Virtual address:0x005b6000
Physical address:0x00217a00
Physical size:0x00001800
Section permissions:RW-
Section name:.adata
Virtual address:0x005b8000
Physical address:0x00219200
Physical size:0x00000000
Section permissions:RW-
PE basic information
import_hash:01eedd9c291596203b3e4914babe655f
time_stamp:1992-06-20 06:22:17
entry_point_section:.aspack
image_base:0x400000
entry_point:0x5b6001
PE resource information
name:DLL
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00147aa4
size:0x000a6000
name:EXE
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x001edaa4
size:0x00368a00
name:RT_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x005564a4
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005565d8
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055670c
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00556840
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00556974
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00556aa8
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00556bdc
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00556d10
size:0x00000134
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00556e44
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557014
size:0x000001e4
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005571f8
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005573c8
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557598
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557768
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557938
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557b08
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557cd8
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557ea8
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00558078
size:0x000000c0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00558138
size:0x000000e0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00558218
size:0x000000e0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005582f8
size:0x000000e0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005583d8
size:0x000000c0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00558498
size:0x000000c0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00558558
size:0x000000e0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00558638
size:0x000000c0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005586f8
size:0x000000e0
name:RT_BITMAP
language:LANG_CHINESE
filetype:empty
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x005587d8
size:0x000000e8
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005588c0
size:0x000000c0
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x00558980
size:0x000004b8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x00558e38
size:0x000004b8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x005592f0
size:0x000004b8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x005597a8
size:0x000004b8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x00559c60
size:0x000004b8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055a118
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055a740
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055ad68
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055b390
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055b9b8
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055bfe0
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055c608
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055cc30
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055d258
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055d880
size:0x00000628
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055dea8
size:0x000000e0
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x005b741c
size:0x000002e8
name:RT_DIALOG
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055e270
size:0x00000052
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055e2c4
size:0x000003ae
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055e674
size:0x00000386
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055e9fc
size:0x000001a8
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055eba4
size:0x00000290
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055ee34
size:0x00000358
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055f18c
size:0x00000404
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055f590
size:0x000003f8
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055f988
size:0x00000310
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055fc98
size:0x00000324
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055ffbc
size:0x000003fc
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005603b8
size:0x000002e8
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005606a0
size:0x000003f0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00560a90
size:0x000001d0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00560c60
size:0x00000168
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00560dc8
size:0x00000120
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00560ee8
size:0x00000144
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056102c
size:0x000008c0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005618ec
size:0x000007a0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056208c
size:0x000009b0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00562a3c
size:0x0000053c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00562f78
size:0x00000234
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005631ac
size:0x00000260
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056340c
size:0x000001bc
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005635c8
size:0x00000144
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056370c
size:0x0000011c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00563828
size:0x000001a0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005639c8
size:0x000001d0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00563b98
size:0x0000016c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00563d04
size:0x00000238
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00563f3c
size:0x0000037c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005642b8
size:0x0000011c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005643d4
size:0x000000ec
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005644c0
size:0x00000130
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005645f0
size:0x00000414
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00564a04
size:0x000003ac
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00564db0
size:0x000003a4
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00565154
size:0x0000037c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005654d0
size:0x000003bc
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056588c
size:0x000000f0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056597c
size:0x000000c0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00565a3c
size:0x000002d8
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00565d14
size:0x00000414
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00566128
size:0x00000330
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00566458
size:0x00000314
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056676c
size:0x00000010
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056677c
size:0x00000bf8
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00567374
size:0x0000aadf
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00571e54
size:0x00012424
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00584278
size:0x00013b01
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00597d7c
size:0x0000dae3
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005a5860
size:0x000012dd
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005a6b40
size:0x0000d147
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b3c88
size:0x000012ec
name:RT_GROUP_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x005b4f74
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b4f88
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b4f9c
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b4fb0
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b4fc4
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b4fd8
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b4fec
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b5000
size:0x00000014
name:RT_GROUP_ICON
language:LANG_CHINESE
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x005b7408
size:0x00000014

Translated by Keith Miller, United States