VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 47 AntiVirus Engines!

Main Menu

Powered By

3b5122125ca76129f3a5a37e6089e803 Threatbook file behavior analysis report

Virscan.org multi-engine scan report

Basic Information
file name:	3b5122125ca76129f3a5a37e6089e803
file type:	EXEx86
Submission time:	2019-02-12 01:03:01
Threat level:	malicious
MD5:	3b5122125ca76129f3a5a37e6089e803
sha256:	98766cdd8ae63cc3c711da1ceaef6abd78a95137bd01698139049e2b98806560

Document Threat Intelligence IOC Report
No intelligence IOC detected

Intelligence decision system
Undetected intelligence determination system

Network behavior report
domains
ip:
domain:	forces.vashtrafiks.ru
dns
type:	A
request:	forces.vashtrafiks.ru
http:	0
hosts:	1
hosts:	1

Document release report
File release report not detected

File process number report
Process details:	0

Document behavior signature report
Low risk behavior
System Environment Detection:	Contains functionality to query system information
Low risk behavior
Static File Characteristics:	Found potential IP address or url in binary/memory
可疑行为
Network correlation:	Resolves a suspicious Top Level Domain (TLD)
可疑行为
General behavior:	Requested access to a system service
可疑行为
Anti-detection Technology:	Checks adapter addresses which can be used to detect virtual network interfaces
可疑行为
Reverse Engineering:	The binary likely contains encrypted or compressed data indicative of a packer
高危行为
Anti-detection Technology:	Detects Avast Antivirus through the presence of a library
高危行为
System Sensitive Operations:	Modifies file/console tracing settings (often used to hide footprints on system)

Static information
PE section table information
Section name:	CODE
Virtual address:	0x00001000
Physical address:	0x00000400
Physical size:	0x0003fa00
Section permissions:	R-E
Section name:	DATA
Virtual address:	0x00041000
Physical address:	0x0003fe00
Physical size:	0x00002400
Section permissions:	RW-
Section name:	BSS
Virtual address:	0x00044000
Physical address:	0x00042200
Physical size:	0x00000000
Section permissions:	RW-
Section name:	.idata
Virtual address:	0x00045000
Physical address:	0x00042200
Physical size:	0x00000800
Section permissions:	RW-
Section name:	.reloc
Virtual address:	0x00046000
Physical address:	0x00042a00
Physical size:	0x00000e00
Section permissions:	R--
Section name:	.rsrc
Virtual address:	0x00047000
Physical address:	0x00043800
Physical size:	0x00004400
Section permissions:	R--
PE basic information
import_hash:	590c9ffb06cbad30c36181dfd45b4c59
time_stamp:	1992-06-20 06:22:17
entry_point_section:	CODE
entry_point_section:	CODE
image_base:	0x400000
entry_point:	0x1000
PE resource information
name:	RT_ICON
language:	LANG_NEUTRAL
filetype:	GLS_BINARY_LSB_FIRST
sublanguage:	SUBLANG_NEUTRAL
offset:	0x000471d8
size:	0x00000468
name:	RT_ICON
language:	LANG_NEUTRAL
filetype:	data
sublanguage:	SUBLANG_NEUTRAL
offset:	0x00047640
size:	0x000010a8
name:	RT_ICON
language:	LANG_NEUTRAL
filetype:	dBase IV DBT of `.DBF, blocks size 48, next free block index 40, 1st item \"\306\322\313\377\313\325\317\377\314\326\321\377\314\325\321\377U\250z\3773\234`\3771\230^\377.\224Z\377-\217W\377+\213T\377)\205O\377'\177L\3723\|S\264:vT(\"
sublanguage:	SUBLANG_NEUTRAL
offset:	0x000486e8
size:	0x000025a8
name:	RT_ACCELERATOR
language:	LANG_ENGLISH
filetype:	data
sublanguage:	SUBLANG_ENGLISH_UK
offset:	0x0004ac90
size:	0x00000070
name:	RT_GROUP_ICON
language:	LANG_NEUTRAL
filetype:	MS Windows icon resource - 3 icons, 16x16, 256-colors
sublanguage:	SUBLANG_NEUTRAL
offset:	0x0004ad00
size:	0x00000030
name:	RT_VERSION
language:	LANG_ENGLISH
filetype:	data
sublanguage:	SUBLANG_ENGLISH_UK
offset:	0x0004ad30
size:	0x0000031c
name:	RT_MANIFEST
language:	LANG_RUSSIAN
filetype:	XML document text
sublanguage:	SUBLANG_RUSSIAN
offset:	0x0004b04c
size:	0x000002ed