VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files whose password is 'infected' or 'virus'.

532a6fdbdb3149f05d4905a8a1f68df0 - Threatbook file behavior analysis report
Virscan.org multi-engine scan report

Basic information
file name: 532a6fdbdb3149f05d4905a8a1f68df0
file type: EXE x86
submission time: 2019-03-16 01:02:59
threat level: malicious
MD5: 532a6fdbdb3149f05d4905a8a1f68df0
SHA256: 82f2809ff8c80c51fa7e9d529df1f754bc0ca93f3858e1c7c98f2488e6be90fb

File threat intelligence IOC report
No intelligence IOC detected

Intelligence determination system
Nothing detected by the intelligence determination system
Network behavior report
domains:
  domain: aleph.comparent.ru
  ip:
  domain: breadice.top
  ip:
dns:
  type: A  request: aleph.comparent.ru
  type: A  request: breadice.top
http: 0
udp: 0
smtp: 0
icmp: 0
irc: 0
hosts: 0
Dropped file report
file name: errorPageStrings[1]
  file type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
  file size: 2949
  MD5: e3e4a98353f119b80b323302f26b78fa
file name: httpErrorPagesScripts[1]
  file type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
  file size: 8714
  MD5: 3f57b781cb3ef114dd0b665151571b7b
file name: dnserror[1]
  file type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
  file size: 1857
  MD5: 73c70b34b5f8f158d38a94b9d7766515
file name: {6f4883e3-47ca-11e9-9962-525400028643}.dat
  file type: Composite Document File V2 Document, No summary info
  file size: 4096
  MD5: 0c85a024ab593ea0e648059415574c87
file name: NewErrorPageTemplate[2]
  file type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
  file size: 1310
  MD5: cdf81e591d9cbfb47a7f97a2bcdb70b9
file name: recoverystore.{6f4883e1-47ca-11e9-9962-525400028643}.dat
  file type: Composite Document File V2 Document, No summary info
  file size: 5632
  MD5: a122075f85e1ffd2ef1fe284f405eb29
file name: search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
  file type: PNG image data, 16 x 16, 4-bit colormap, non-interlaced
  file size: 237
  MD5: 9fb559a691078558e77d6848202f6541
Process report
Process details: 3 processes were analyzed in total
File behavior signature report

Low risk behavior (6 signatures):
- System Sensitive Operations: Creates executable files on the filesystem
- General behavior: Contains ability to find and load resources of a specific module
- System Environment Detection: Contains functionality to query system information
- Static File Characteristics: Found potential IP address or url in binary/memory
- Information gathering: Queries the internet cache settings (often used to hide footprints in index.dat or internet cache)
- System Environment Detection: Searches for the Microsoft Outlook file path

Suspicious behavior (9 signatures):
- Network correlation: Resolves a suspicious Top Level Domain (TLD)
- Information gathering: Contains functionality to retrieve information about pressed keystrokes
- (signature description missing from the report)
- System Sensitive Operations: Modify internet zones
- System Sensitive Operations: Modifies proxy settings
- Anti-detection Technology: Checks adapter addresses which can be used to detect virtual network interfaces
- Information gathering: Queries sensitive IE security settings
- System Environment Detection: Scans for the windows taskbar (often used for explorer injection)
- Information gathering: Steals Internet Explorer cookies

High risk behavior: none (0 signatures)
Static information

Sections:
Name    Virtual address  Physical address  Physical size  Permissions
.text   0x00001000       0x00000400        0x00013600     R-E
.rdata  0x00015000       0x00013a00        0x00006a00     R--
.data   0x0001c000       0x0001a400        0x00000a00     RW-
.gfids  0x0001e000       0x0001ae00        0x00000200     R--
.rsrc   0x0001f000       0x0001b000        0x00044200     R--
.reloc  0x00064000       0x0005f200        0x00001400     R--
import_hash: f904d1e5526d0836f81307506238fc46
time_stamp: 2017-06-01 02:13:02
entry_point_section: .text
image_base: 0x400000
entry_point: 0x56f4

Resources:
Name           Language      Sublanguage          Offset      Size        File type
RT_RIBBON_XML  LANG_NEUTRAL  SUBLANG_NEUTRAL      0x0001f8f8  0x0000039d  XML document text
RT_BITMAP      LANG_NEUTRAL  SUBLANG_NEUTRAL      0x0001fc98  0x000004e8  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x000206a8  0x00000330  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x000209d8  0x00000130  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x00020b08  0x000000b0  GLS_BINARY_LSB_FIRST
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x00020bb8  0x000040bf  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x00024c78  0x00000668  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x000252e0  0x000002e8  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x000255c8  0x000001e8  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x000257b0  0x00000128  GLS_BINARY_LSB_FIRST
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x000258d8  0x000077fe  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x0002d0d8  0x00000ea8  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x0002df80  0x000008a8  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x0002e828  0x000006c8  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x0002eef0  0x00000568  GLS_BINARY_LSB_FIRST
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x0002f458  0x00005aff  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x00034f58  0x00010828  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x00045780  0x000094a8  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x0004ec28  0x000067e8  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x00055410  0x00005488  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x0005a898  0x00004228  FoxPro FPT, blocks size 0, next free block index 671088640
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x0005eac0  0x000025a8  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x00061068  0x000010a8  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x00062110  0x00000988  data
RT_ICON        LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x00062a98  0x00000468  GLS_BINARY_LSB_FIRST
RT_MENU        LANG_NEUTRAL  SUBLANG_NEUTRAL      0x000205f8  0x000000b0  data
RT_GROUP_ICON  LANG_NEUTRAL  SUBLANG_SYS_DEFAULT  0x00062f00  0x00000148  MS Windows icon resource - 23 icons, 48x48, 2-colors
RT_VERSION     LANG_NEUTRAL  SUBLANG_NEUTRAL      0x0001f650  0x000002a8  data
RT_MANIFEST    LANG_NEUTRAL  SUBLANG_NEUTRAL      0x00020180  0x00000478  XML document text
