VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load
3b5122125ca76129f3a5a37e6089e803    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:3b5122125ca76129f3a5a37e6089e803
file type:EXEx86
Submission time:2019-02-12 01:03:01
Threat level:malicious
MD5:3b5122125ca76129f3a5a37e6089e803
sha256:98766cdd8ae63cc3c711da1ceaef6abd78a95137bd01698139049e2b98806560
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains
ip:
domain:forces.vashtrafiks.ru
dns
type:A
request:forces.vashtrafiks.ru
http:0
hosts:1
hosts:1
Document release report
File release report not detected
File process number report
Process details:0
                
Document behavior signature report
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
可疑行为
Network correlation:Resolves a suspicious Top Level Domain (TLD)
可疑行为
General behavior:Requested access to a system service
可疑行为
Anti-detection Technology:Checks adapter addresses which can be used to detect virtual network interfaces
可疑行为
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
高危行为
Anti-detection Technology:Detects Avast Antivirus through the presence of a library
高危行为
System Sensitive Operations:Modifies file/console tracing settings (often used to hide footprints on system)
Static information
PE section table information
Section name:CODE
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x0003fa00
Section permissions:R-E
Section name:DATA
Virtual address:0x00041000
Physical address:0x0003fe00
Physical size:0x00002400
Section permissions:RW-
Section name:BSS
Virtual address:0x00044000
Physical address:0x00042200
Physical size:0x00000000
Section permissions:RW-
Section name:.idata
Virtual address:0x00045000
Physical address:0x00042200
Physical size:0x00000800
Section permissions:RW-
Section name:.reloc
Virtual address:0x00046000
Physical address:0x00042a00
Physical size:0x00000e00
Section permissions:R--
Section name:.rsrc
Virtual address:0x00047000
Physical address:0x00043800
Physical size:0x00004400
Section permissions:R--
PE basic information
import_hash:590c9ffb06cbad30c36181dfd45b4c59
time_stamp:1992-06-20 06:22:17
entry_point_section:CODE
entry_point_section:CODE
image_base:0x400000
entry_point:0x1000
PE resource information
name:RT_ICON
language:LANG_NEUTRAL
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_NEUTRAL
offset:0x000471d8
size:0x00000468
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00047640
size:0x000010a8
name:RT_ICON
language:LANG_NEUTRAL
filetype:dBase IV DBT of `.DBF, blocks size 48, next free block index 40, 1st item \"\306\322\313\377\313\325\317\377\314\326\321\377\314\325\321\377U\250z\3773\234`\3771\230^\377.\224Z\377-\217W\377+\213T\377)\205O\377'\177L\3723|S\264:vT(\"
sublanguage:SUBLANG_NEUTRAL
offset:0x000486e8
size:0x000025a8
name:RT_ACCELERATOR
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x0004ac90
size:0x00000070
name:RT_GROUP_ICON
language:LANG_NEUTRAL
filetype:MS Windows icon resource - 3 icons, 16x16, 256-colors
sublanguage:SUBLANG_NEUTRAL
offset:0x0004ad00
size:0x00000030
name:RT_VERSION
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x0004ad30
size:0x0000031c
name:RT_MANIFEST
language:LANG_RUSSIAN
filetype:XML document text
sublanguage:SUBLANG_RUSSIAN
offset:0x0004b04c
size:0x000002ed

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号