VirSCAN
HA_ePSXe1.70fix_LRH.exe: Threatbook file behavior analysis report (Habo file analysis)
Basic information
File name: HA_ePSXe1.70fix_LRH.exe
File type: EXE x86
Submission time: 2018-11-09 11:00:11
Threat level: malicious
MD5: 54f00a5b5a34e04f4d426f309ea9da70
SHA256: 0c5e4dbe897cb22eab3e9d190f072c1b6bd924c448879fbc9550f2f41c16c7b7
Threat intelligence IOC
IOC object: 0c5e4dbe897cb22eab3e9d190f072c1b6bd924c448879fbc9550f2f41c16c7b7
IOC type: file_sha256
Intelligence type: m
Credibility: 75
Severity: high

Intelligence decision systems
Abnormal traffic detection system: 0
Hunting system: 0
DGA domain name recognition system: 0
Network behavior report
Domains: 0
DNS: 0
HTTP: 0
Dropped file report (10 files)

File name           File type                                                Bytes   MD5
nse2D06.tmp         empty                                                    0       d41d8cd98f00b204e9800998ecf8427e
modern-wizard.bmp   PC bitmap, Windows 3.x format, 300 x 478 x 8             144476  56422b1c22a4b5ebf9a4976c0515b090
modern-header.bmp   PC bitmap, Windows 3.x format, 150 x 57 x 24             25820   6e12808e8faf84eab813cb95c25879fc
installoptions.dll  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows  14848   f7730497c40fed85e359d0a1088d0943
sobar.bmp           PC bitmap, Windows 3.x format, 300 x 65 x 24             58554   74391a81f20c34a90fd8e39889726078
brandingurl.dll     PE32 executable (DLL) (GUI) Intel 80386, for MS Windows  3584    9c3488b5e9655d1837c3963ecec33f70
baiduio.ini         ISO-8859 text, with CRLF line terminators                1588    92ba060349c27ab88a8b688bbc4008a8
iospecial.ini       ISO-8859 text, with CRLF line terminators                704     1a31c231fb9b9a2cde8104c2a74276af
cnnic_small.bmp     PC bitmap, Windows 3.x format, 302 x 106 x 24            96302   409fb740c98b5f505f13796dd10a6747
left.bmp            PC bitmap, Windows 3.x format, 164 x 314 x 24            154542  4164da0c4b20e96293297895bfefb757
File process report
Process details: 0
File behavior signature report

File IOCs (category: file, type: ioc):
  C:\Windows\win.ini
  C:\Users\vbccsb\AppData\Local\Temp\nsz628F.tmp\baiduio.ini
  C:\Users\vbccsb\AppData\Local\Temp\nsz628F.tmp\ioSpecial.ini

API calls (type: call):
  NtCreateFile (category: file): 7 calls
  GlobalMemoryStatusEx (category: system): 1 call

URL IOCs (category: url, type: ioc):
  http://ray.soft2cn.cn/
  http://www.soft2cn.cn/
  http://www.skycn.com/
  http://www.onlinedown.net/
  http://www.cnnic.cn
  http://bbs.soft2cn.cn/
  http://www.baidu.com/s?ie=UTF-8&wd=
  http://www.baidu.com/baidu?word=%20ePSXe&tn=fly2sky_dg
  http://ray.soft2cn.cn

API calls (type: call):
  NtReadFile (category: file): 50 calls
Static information

PE section table
Section  Virtual address  Physical address  Physical size  Permissions
.Ray     0x00001000       0x00000400        0x00000000     RWE
.Ray     0x0009d000       0x00000400        0x00004600     RWE
.Ray     0x000a2000       0x00004a00        0x00004600     RW-
PE basic information
Import hash: 2134f794bcda54794e74b7208adb2204
Timestamp: 2008-08-08 12:44:33
Entry point section: .Ray
Image base: 0x400000
Entry point: 0xa1270
PE resource information
Name           Offset      Size        File type                                              Language
RT_BITMAP      0x000a22e4  0x00000666  data                                                   LANG_ENGLISH / SUBLANG_ENGLISH_US
RT_ICON        0x000a2950  0x000025a8  data                                                   LANG_ENGLISH / SUBLANG_ENGLISH_US
RT_ICON        0x000a4efc  0x000008a8  data                                                   LANG_ENGLISH / SUBLANG_ENGLISH_US
RT_DIALOG      0x000a57a8  0x000000a0  data                                                   LANG_ENGLISH / SUBLANG_ENGLISH_US
RT_DIALOG      0x000a584c  0x0000010c  data                                                   LANG_ENGLISH / SUBLANG_ENGLISH_US
RT_DIALOG      0x000a595c  0x00000144  data                                                   LANG_ENGLISH / SUBLANG_ENGLISH_US
RT_DIALOG      0x000a5aa4  0x000001ec  data                                                   LANG_ENGLISH / SUBLANG_ENGLISH_US
RT_DIALOG      0x000a5c94  0x000000e4  data                                                   LANG_ENGLISH / SUBLANG_ENGLISH_US
RT_DIALOG      0x000a5d7c  0x000000ba  data                                                   LANG_ENGLISH / SUBLANG_ENGLISH_US
RT_GROUP_ICON  0x000a5e3c  0x00000022  MS Windows icon resource - 2 icons, 32x32, 256-colors  LANG_ENGLISH / SUBLANG_ENGLISH_US
RT_VERSION     0x000a5e64  0x00000358  data                                                   LANG_CHINESE / SUBLANG_CHINESE_SIMPLIFIED
RT_MANIFEST    0x000a61c0  0x00000218  XML document text                                      LANG_ENGLISH / SUBLANG_ENGLISH_US
