warh_setup.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:warh_setup.exe
file type:EXE x86
Submission time:2018-11-05 19:49:25
Threat level:malicious
MD5:7403bc83a7f7b0978c7dc523569d9f55
sha256:2f9948bda62a065d37636f37c949e8ca8bd317fb17b069c7452fa8f70b27e958
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
Document release report
file name:2f9948bda62a065d37636f37c949e8ca8bd317fb17b069c7452fa8f70b27e958.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:1064448
MD5:7403bc83a7f7b0978c7dc523569d9f55
file name:2f9948bda62a065d37636f37c949e8ca8bd317fb17b069c7452fa8f70b27e958.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed
file size:99328
MD5:777572d79790aca9a2a7c368a6ebc882
file name:_mexec.bat
file type:ASCII text, with CRLF line terminators
file size:325
MD5:ffd5ccfa03afd4e1382bd36ff702bf8b
file name:_mdelete.bat
file type:ASCII text, with CRLF line terminators
file size:250
MD5:b125c9749a736b18e225e564f511492a
File process number report
Process details:0
Document behavior signature report
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R-E
Section name:.itext
Virtual address:0x001d2000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R-E
Section name:.data
Virtual address:0x001d4000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.bss
Virtual address:0x001da000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.idata
Virtual address:0x001e0000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.didata
Virtual address:0x001e4000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.edata
Virtual address:0x001e5000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R--
Section name:.tls
Virtual address:0x001e6000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.rdata
Virtual address:0x001e7000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R--
Section name:.vmp0
Virtual address:0x001e8000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R-E
Section name:.vmp1
Virtual address:0x001eb000
Physical address:0x00000400
Physical size:0x00101600
Section permissions:RWE
Section name:.reloc
Virtual address:0x002ed000
Physical address:0x00101a00
Physical size:0x00000200
Section permissions:R--
Section name:.rsrc
Virtual address:0x002ee000
Physical address:0x00101c00
Physical size:0x00002200
Section permissions:R--
PE basic information
import_hash:1aff7c58bde77ef6cb3705583f76e1e9
time_stamp:2016-06-28 18:57:11
entry_point_section:.vmp1
image_base:0x400000
entry_point:0x293b2e
PE resource information
name:EXE
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x002f0114
size:0x00018400
name:RT_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x00308514
size:0x00000134
name:RT_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x00308648
size:0x00000134
name:RT_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0030877c
size:0x00000134
name:RT_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x003088b0
size:0x00000134
name:RT_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x003089e4
size:0x00000134
name:RT_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x00308b18
size:0x00000134
name:RT_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x00308c4c
size:0x00000134
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x002ee9e0
size:0x00000ea8
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00308d80
size:0x00000290
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00309010
size:0x00000364
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00309374
size:0x00000414
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00309788
size:0x0000010c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00309894
size:0x000000cc
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00309960
size:0x0000029c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00309bfc
size:0x000003d0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00309fcc
size:0x000003d4
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030a3a0
size:0x000004cc
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030a86c
size:0x000001f0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030aa5c
size:0x00000458
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030aeb4
size:0x000004d4
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030b388
size:0x00000490
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030b818
size:0x00000390
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030bba8
size:0x00000458
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030c000
size:0x000001ec
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030c1ec
size:0x000000c4
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030c2b0
size:0x00000170
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030c420
size:0x00000334
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030c754
size:0x00000408
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030cb5c
size:0x0000038c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030cee8
size:0x000002b4
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030d19c
size:0x00000010
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030d1ac
size:0x00000698
name:RT_RCDATA
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0030d844
size:0x00000002
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0030d848
size:0x0000010e
name:RT_GROUP_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0030d958
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0030d96c
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0030d980
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0030d994
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0030d9a8
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0030d9bc
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0030d9d0
size:0x00000014
name:RT_GROUP_ICON
language:LANG_ENGLISH
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_ENGLISH_US
offset:0x002ef888
size:0x00000014
name:RT_VERSION
language:LANG_ENGLISH
filetype:MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79
sublanguage:SUBLANG_ENGLISH_US
offset:0x002ef89c
size:0x00000140
name:RT_MANIFEST
language:LANG_ENGLISH
filetype:XML document text
sublanguage:SUBLANG_ENGLISH_US
offset:0x002ef9dc
size:0x00000738
