VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load
6b2d11a1f043ad7e8977f59142c334c3    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:6b2d11a1f043ad7e8977f59142c334c3
file type:EXEx86
Submission time:2019-02-13 01:05:36
Threat level:malicious
MD5:6b2d11a1f043ad7e8977f59142c334c3
sha256:153d96639d0f2aea92778d3dd4fe425a45901945a231bbe27c8a605c3c5b872a
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
Document release report
File release report not detected
File process number report
Process details:0
                          
Document behavior signature report
Low risk behavior
General behavior:Uses Windows APIs to generate a cryptographic key
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
General behavior:This executable has a PDB path
Low risk behavior
General behavior:One or more processes crashed
Low risk behavior
System Environment Detection:Reads the active computer name
可疑行为
Reverse Engineering:Checks if process is being debugged by a debugger
可疑行为
Reverse Engineering:Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
可疑行为
General behavior:Contains functionality to enum modules
可疑行为
Information gathering:Contains functionality to retrieve information about pressed keystrokes
可疑行为
Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
可疑行为
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
可疑行为
System Sensitive Operations:Checks for the Locally Unique Identifier on the system for a suspicious privilege
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x00019800
Section permissions:R-E
Section name:.rdata
Virtual address:0x0001b000
Physical address:0x00019c00
Physical size:0x00006e00
Section permissions:R--
Section name:.data
Virtual address:0x00022000
Physical address:0x00020a00
Physical size:0x00001600
Section permissions:RW-
Section name:.rsrc
Virtual address:0x00026000
Physical address:0x00022000
Physical size:0x00028000
Section permissions:R--
PE basic information
import_hash:bf5a4aa99e5b160f8521cadd6bfe73b8
time_stamp:2012-07-14 06:47:16
entry_point_section:.text
entry_point_section:.text
image_base:0x400000
entry_point:0xcd2f
PE resource information
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00026124
size:0x000277cd
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0004d8f4
size:0x00000020
name:RT_VERSION
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0004d914
size:0x0000034c
name:RT_MANIFEST
language:LANG_NEUTRAL
filetype:XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
sublanguage:SUBLANG_NEUTRAL
offset:0x0004dc60
size:0x000001ea

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号