wandou_v1.1.0.0_@1346@.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:wandou_v1.1.0.0_@1346@.exe
file type:EXEx86
Submission time:2019-01-11 23:01:22
Threat level:clean
MD5:72c6d35fe356d2fe1806ba7f86430f82
sha256:d3dff23540e9fddd11dc9d64646e5c838bcc5158c60854ba78ca6f75a8e9a9f0
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
hosts:2
hosts:5
Document release report
file name:nsm8F6E.tmp
file type:empty
file size:0
MD5:d41d8cd98f00b204e9800998ecf8427e
file name:setupdll.dll
file type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
file size:2075136
MD5:378041f6fb338ea05fca979955eea067
file name:system.dll
file type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
file size:11264
MD5:c17103ae9072a06da581dec998343fc1
File process number report
Process details:0
                  
Document behavior signature report
Low risk behavior
General behavior:Read or write ini files
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Low risk behavior
System Environment Detection:Reads the active computer name
Suspicious behavior
Anti-detection Technology:Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
Suspicious behavior
System Sensitive Operations:Creates executable files on the filesystem
Suspicious behavior
Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
Suspicious behavior
System Environment Detection:Scans for the windows taskbar (often used for explorer injection)
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x00005a00
Section permissions:R-E
Section name:.rdata
Virtual address:0x00007000
Physical address:0x00005e00
Physical size:0x00001200
Section permissions:R--
Section name:.data
Virtual address:0x00009000
Physical address:0x00007000
Physical size:0x00000400
Section permissions:RW-
Section name:.ndata
Virtual address:0x00024000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.rsrc
Virtual address:0x0002e000
Physical address:0x00007400
Physical size:0x0001b200
Section permissions:R--
PE basic information
import_hash:7fa974366048f9c551ef45714595665e
time_stamp:2009-12-06 06:50:41
entry_point_section:.text
image_base:0x400000
entry_point:0x30cb
PE resource information
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0002e3b8
size:0x00010828
name:RT_ICON
language:LANG_ENGLISH
filetype:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003ebe0
size:0x00003812
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x000423f8
size:0x000025a8
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x000449a0
size:0x000010a8
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00045a48
size:0x00000ea8
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x000468f0
size:0x000008a8
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00047198
size:0x00000668
name:RT_ICON
language:LANG_ENGLISH
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_ENGLISH_US
offset:0x00047800
size:0x00000568
name:RT_ICON
language:LANG_ENGLISH
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_ENGLISH_US
offset:0x00047d68
size:0x00000468
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x000481d0
size:0x000002e8
name:RT_ICON
language:LANG_ENGLISH
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_ENGLISH_US
offset:0x000484b8
size:0x00000128
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x000485e0
size:0x000001ee
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x000487d0
size:0x000000e4
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x000488b8
size:0x000000da
name:RT_GROUP_ICON
language:LANG_ENGLISH
filetype:MS Windows icon resource - 11 icons, 48x48, 16-colors
sublanguage:SUBLANG_ENGLISH_US
offset:0x00048998
size:0x000000a0
name:RT_VERSION
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00048a38
size:0x0000023c
name:RT_MANIFEST
language:LANG_ENGLISH
filetype:XML document text
sublanguage:SUBLANG_ENGLISH_US
offset:0x00048c78
size:0x000003be
