VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load
setup.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:setup.exe
file type:EXEx86
Submission time:2019-02-12 01:03:14
Threat level:clean
MD5:60535130462b65399d81464b717b8ee7
sha256:a8e319f10bd3407862a5d59d0ebef7642644b42f403002c72bce56aa3c2e22be
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
Document release report
file name:_regdll.tmp
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:4096
MD5:0ee914c6f0bb93996c75941e1ad629c6
file name:_shfoldr.dll
file type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
file size:23312
MD5:92dc6ef532fbb4a5c3201469a5b5eb63
file name:a8e319f10bd3407862a5d59d0ebef7642644b42f403002c72bce56aa3c2e22be.tmp
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:697856
MD5:4db944009887bccd86a88f6c409d4475
File process number report
Process details:0
                  
Document behavior signature report
Low risk behavior
General behavior:Creates a writable file in a temporary directory
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Low risk behavior
General behavior:Sample reads its own file content
可疑行为
Reverse Engineering:Checks if process is being debugged by a debugger
可疑行为
System Sensitive Operations:Creates executable files on the filesystem
可疑行为
System Sensitive Operations:Disables application error messsages (SetErrorMode)
可疑行为
Information gathering:Contains functionality to retrieve information about pressed keystrokes
Static information
PE section table information
Section name:CODE
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x00009400
Section permissions:R-E
Section name:DATA
Virtual address:0x0000b000
Physical address:0x00009800
Physical size:0x00000400
Section permissions:RW-
Section name:BSS
Virtual address:0x0000c000
Physical address:0x00009c00
Physical size:0x00000000
Section permissions:RW-
Section name:.idata
Virtual address:0x0000d000
Physical address:0x00009c00
Physical size:0x00000a00
Section permissions:RW-
Section name:.tls
Virtual address:0x0000e000
Physical address:0x0000a600
Physical size:0x00000000
Section permissions:RW-
Section name:.rdata
Virtual address:0x0000f000
Physical address:0x0000a600
Physical size:0x00000200
Section permissions:R--
Section name:.reloc
Virtual address:0x00010000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R--
Section name:.rsrc
Virtual address:0x00011000
Physical address:0x0000a800
Physical size:0x00002e00
Section permissions:R--
PE basic information
import_hash:884310b1928934402ea6fec1dbd3cf5e
time_stamp:1992-06-20 06:22:17
entry_point_section:CODE
entry_point_section:CODE
image_base:0x400000
entry_point:0x9b24
PE resource information
name:RT_ICON
language:LANG_ENGLISH
filetype:dBase IV DBT of \200.DBF, blocks size 64, block length 4096, next free block index 40, 1st item \"\361Y\"
sublanguage:SUBLANG_ENGLISH_US
offset:0x000112c4
size:0x00001628
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x000128ec
size:0x000002f2
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00012be0
size:0x0000030c
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00012eec
size:0x000002ce
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x000131bc
size:0x00000068
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00013224
size:0x000000b4
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x000132d8
size:0x000000ae
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00013388
size:0x0000002c
name:RT_GROUP_ICON
language:LANG_ENGLISH
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_ENGLISH_US
offset:0x000133b4
size:0x00000014
name:RT_VERSION
language:LANG_ENGLISH
filetype:COM executable for DOS
sublanguage:SUBLANG_ENGLISH_US
offset:0x000133c8
size:0x000004b8
name:RT_MANIFEST
language:LANG_ENGLISH
filetype:XML document text
sublanguage:SUBLANG_ENGLISH_US
offset:0x00013880
size:0x00000560

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号