VirSCAN

GameOfMir_连击登录器.exe Threatbook file behavior analysis report
Basic Information
file name:GameOfMir_连击登录器.exe
file type:EXE x86
Submission time:2018-10-15 02:30:50
Threat level:malicious
MD5:e7bad6da0735d3690f84f3f264f43d06
sha256:d7146aa2b06abb0e5e70357b012b0226f6f2121de1ae6d2ef8da7358b28f9ad0
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Intelligence determination not detected
Network behavior report
domains:0
dns:0
http:0
Document release report
File release report not detected
File process number report
Process details:0
Document behavior signature report
Static information
PE section table information
Section name:CODE
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x0006a000
Section permissions:RW-
Section name:DATA
Virtual address:0x00117000
Physical address:0x0006a400
Physical size:0x00007600
Section permissions:RW-
Section name:BSS
Virtual address:0x00128000
Physical address:0x00071a00
Physical size:0x00000000
Section permissions:RW-
Section name:.idata
Virtual address:0x0012e000
Physical address:0x00071a00
Physical size:0x00001200
Section permissions:RW-
Section name:.tls
Virtual address:0x00131000
Physical address:0x00072c00
Physical size:0x00000000
Section permissions:RW-
Section name:.rdata
Virtual address:0x00132000
Physical address:0x00072c00
Physical size:0x00000200
Section permissions:RW-
Section name:.reloc
Virtual address:0x00133000
Physical address:0x00072e00
Physical size:0x00000000
Section permissions:RW-
Section name:.rsrc
Virtual address:0x00146000
Physical address:0x00072e00
Physical size:0x001a4c00
Section permissions:RW-
Section name:.aspack
Virtual address:0x005b6000
Physical address:0x00217a00
Physical size:0x00001800
Section permissions:RW-
Section name:.adata
Virtual address:0x005b8000
Physical address:0x00219200
Physical size:0x00000000
Section permissions:RW-
PE basic information
import_hash:01eedd9c291596203b3e4914babe655f
time_stamp:1992-06-20 06:22:17
entry_point_section:.aspack
image_base:0x400000
entry_point:0x5b6001
PE resource information
name:DLL
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00147aa4
size:0x000a6000
name:EXE
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x001edaa4
size:0x00368a00
name:RT_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x005564a4
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005565d8
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055670c
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00556840
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00556974
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00556aa8
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00556bdc
size:0x00000134
name:RT_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00556d10
size:0x00000134
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00556e44
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557014
size:0x000001e4
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005571f8
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005573c8
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557598
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557768
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557938
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557b08
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557cd8
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00557ea8
size:0x000001d0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00558078
size:0x000000c0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00558138
size:0x000000e0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00558218
size:0x000000e0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005582f8
size:0x000000e0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005583d8
size:0x000000c0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00558498
size:0x000000c0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00558558
size:0x000000e0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00558638
size:0x000000c0
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005586f8
size:0x000000e0
name:RT_BITMAP
language:LANG_CHINESE
filetype:empty
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x005587d8
size:0x000000e8
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005588c0
size:0x000000c0
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x00558980
size:0x000004b8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x00558e38
size:0x000004b8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x005592f0
size:0x000004b8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x005597a8
size:0x000004b8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x00559c60
size:0x000004b8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055a118
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055a740
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055ad68
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055b390
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055b9b8
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055bfe0
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055c608
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055cc30
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055d258
size:0x00000628
name:RT_BITMAP
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x0055d880
size:0x00000628
name:RT_BITMAP
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055dea8
size:0x000000e0
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x005b741c
size:0x000002e8
name:RT_DIALOG
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055e270
size:0x00000052
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055e2c4
size:0x000003ae
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055e674
size:0x00000386
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055e9fc
size:0x000001a8
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055eba4
size:0x00000290
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055ee34
size:0x00000358
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055f18c
size:0x00000404
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055f590
size:0x000003f8
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055f988
size:0x00000310
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055fc98
size:0x00000324
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0055ffbc
size:0x000003fc
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005603b8
size:0x000002e8
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005606a0
size:0x000003f0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00560a90
size:0x000001d0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00560c60
size:0x00000168
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00560dc8
size:0x00000120
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00560ee8
size:0x00000144
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056102c
size:0x000008c0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005618ec
size:0x000007a0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056208c
size:0x000009b0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00562a3c
size:0x0000053c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00562f78
size:0x00000234
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005631ac
size:0x00000260
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056340c
size:0x000001bc
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005635c8
size:0x00000144
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056370c
size:0x0000011c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00563828
size:0x000001a0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005639c8
size:0x000001d0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00563b98
size:0x0000016c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00563d04
size:0x00000238
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00563f3c
size:0x0000037c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005642b8
size:0x0000011c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005643d4
size:0x000000ec
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005644c0
size:0x00000130
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005645f0
size:0x00000414
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00564a04
size:0x000003ac
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00564db0
size:0x000003a4
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00565154
size:0x0000037c
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005654d0
size:0x000003bc
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056588c
size:0x000000f0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056597c
size:0x000000c0
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00565a3c
size:0x000002d8
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00565d14
size:0x00000414
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00566128
size:0x00000330
name:RT_STRING
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00566458
size:0x00000314
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056676c
size:0x00000010
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x0056677c
size:0x00000bf8
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00567374
size:0x0000aadf
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00571e54
size:0x00012424
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00584278
size:0x00013b01
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00597d7c
size:0x0000dae3
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005a5860
size:0x000012dd
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005a6b40
size:0x0000d147
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b3c88
size:0x000012ec
name:RT_GROUP_CURSOR
language:LANG_ENGLISH
filetype:empty
sublanguage:SUBLANG_ENGLISH_US
offset:0x005b4f74
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b4f88
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b4f9c
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b4fb0
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b4fc4
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b4fd8
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b4fec
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x005b5000
size:0x00000014
name:RT_GROUP_ICON
language:LANG_CHINESE
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x005b7408
size:0x00000014

Translated by Keith Miller, United States