VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load
3bd566a94d124b367ba767bd00685926    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:3bd566a94d124b367ba767bd00685926
Submission time:2019-02-12 01:04:26
Threat level:malicious
MD5:3bd566a94d124b367ba767bd00685926
sha256:956829c0c0de2cd1ee23debf6fa373d0c297b88c21d5bebb7f5d49a613b9b57e
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
Document release report
file name:WERE399.tmp
file type:empty
file size:0
MD5:d41d8cd98f00b204e9800998ecf8427e
file name:were399.tmp.werinternalmetadata.xml
file type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
file size:2632
MD5:80acd7b381002ece9fb02cd93ca3bae3
File process number report
Process details:0
                      
Document behavior signature report
Low risk behavior
General behavior:Creates a writable file in a temporary directory
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
System Environment Detection:Reads the active computer name
可疑行为
Reverse Engineering:Checks if process is being debugged by a debugger
可疑行为
Reverse Engineering:Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
可疑行为
General behavior:Contains functionality to enum modules
可疑行为
Information gathering:Contains functionality to retrieve information about pressed keystrokes
可疑行为
Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
可疑行为
Anti-detection Technology:Checks adapter addresses which can be used to detect virtual network interfaces
可疑行为
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
Static information
PE section table information
Section name:.text
Virtual address:0x00002000
Physical address:0x00001000
Physical size:0x000b2000
Section permissions:R-E
Section name:.rsrc
Virtual address:0x000b4000
Physical address:0x000b3000
Physical size:0x00004000
Section permissions:R--
Section name:.reloc
Virtual address:0x000b8000
Physical address:0x000b7000
Physical size:0x00001000
Section permissions:R--
PE basic information
import_hash:f34d5f2d4577ed6d9ceec516c1f5a744
time_stamp:2011-08-18 09:06:08
entry_point_section:.text
entry_point_section:.text
image_base:0x400000
entry_point:0xb345e
PE resource information
name:RT_ICON
language:LANG_NEUTRAL
filetype:FoxPro FPT, blocks size 0, next free block index 671088640
sublanguage:SUBLANG_NEUTRAL
offset:0x000b4148
size:0x000025a8
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x000b66f0
size:0x000010a8
name:RT_ICON
language:LANG_NEUTRAL
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_NEUTRAL
offset:0x000b7798
size:0x00000468
name:RT_GROUP_ICON
language:LANG_NEUTRAL
filetype:MS Windows icon resource - 3 icons, 48x48, 256-colors
sublanguage:SUBLANG_NEUTRAL
offset:0x000b7c00
size:0x00000030
name:RT_VERSION
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x000b7c30
size:0x00000314

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号