VirSCAN
6b237c6ffcaa70184d4ae6e9fe8c0a3d    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:6b237c6ffcaa70184d4ae6e9fe8c0a3d
Submission time:2019-02-13 01:05:24
Threat level:malicious
MD5:6b237c6ffcaa70184d4ae6e9fe8c0a3d
sha256:cc19e42def77f9cf88532c8205ff74c390d2c990f3f39b8f440867e74d9e3c80
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
Document release report
file name:explorer.~exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:1572864
MD5:6b237c6ffcaa70184d4ae6e9fe8c0a3d
file name:spoolsv.~exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:1572864
MD5:b7fda183b66e629374b986f486a9623c
file name:svchost.~exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:1572864
MD5:edefc3fd5e346d0f0888ed8e85c74aae
File process number report
Process details:0
Document behavior signature report
Low risk behavior
System Environment Detection:Queries for the computername
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
System Environment Detection:Contains functionality to query the account / user name
Suspicious behavior
System Sensitive Operations:Copy itself to other directories
Suspicious behavior
System Sensitive Operations:Creates executable files on the filesystem
Suspicious behavior
System Sensitive Operations:Disables application error messages (SetErrorMode)
Suspicious behavior
General behavior:Marks file for deletion
Suspicious behavior
General behavior:Expresses interest in specific running processes
Suspicious behavior
Static File Characteristics:Found TLS callbacks
High-risk behavior
Persistence:Installs itself for autorun at Windows startup
High-risk behavior
Anti-detection Technology:Creates a fake system process
High-risk behavior
Anti-detection Technology:A process created a hidden window
High-risk behavior
System Sensitive Operations:Set file attributes to hidden
High-risk behavior
Anti-detection Technology:Installs a hook procedure to monitor for mouse events
High-risk behavior
Information gathering:Creates a windows hook that monitors keyboard input (keylogger)
High-risk behavior
General behavior:Creates a slightly modified copy of itself
High-risk behavior
System Sensitive Operations:Attempts to modify Explorer settings to prevent hidden files from being displayed
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x0011c000
Section permissions:R-E
Section name:.itext
Virtual address:0x0011d000
Physical address:0x0011c400
Physical size:0x00001600
Section permissions:R-E
Section name:.data
Virtual address:0x0011f000
Physical address:0x0011da00
Physical size:0x00009600
Section permissions:RW-
Section name:.bss
Virtual address:0x00129000
Physical address:0x00127000
Physical size:0x00000000
Section permissions:RW-
Section name:.idata
Virtual address:0x001b0000
Physical address:0x00127000
Physical size:0x00004000
Section permissions:RW-
Section name:.didata
Virtual address:0x001b4000
Physical address:0x0012b000
Physical size:0x00000400
Section permissions:RW-
Section name:.tls
Virtual address:0x001b5000
Physical address:0x0012b400
Physical size:0x00000000
Section permissions:RW-
Section name:.rdata
Virtual address:0x001b6000
Physical address:0x0012b400
Physical size:0x00000200
Section permissions:R--
Section name:.reloc
Virtual address:0x001b7000
Physical address:0x0012b600
Physical size:0x00017800
Section permissions:R--
Section name:.rsrc
Virtual address:0x001cf000
Physical address:0x00142e00
Physical size:0x0003d200
Section permissions:R--
PE basic information
import_hash:90488dd1d2c66b8c42e6abbfcbb47a3d
time_stamp:2014-01-17 13:36:09
entry_point_section:.itext
image_base:0x400000
entry_point:0x11e3d8
PE resource information
name:UNICODEDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001cfc70
size:0x0000723f
name:UNICODEDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001d6eb0
size:0x00007ebd
name:UNICODEDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001ded70
size:0x000006a8
name:UNICODEDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001df418
size:0x0000af7d
name:UNICODEDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001ea398
size:0x0000d3cf
name:UNICODEDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001f7768
size:0x000014c5
name:RT_CURSOR
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001f8c30
size:0x00000134
name:RT_CURSOR
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001f8d64
size:0x00000134
name:RT_CURSOR
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001f8e98
size:0x00000134
name:RT_CURSOR
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001f8fcc
size:0x00000134
name:RT_CURSOR
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001f9100
size:0x00000134
name:RT_CURSOR
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001f9234
size:0x00000134
name:RT_CURSOR
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001f9368
size:0x00000134
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001f949c
size:0x000010a8
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001fa544
size:0x000010a8
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001fb5ec
size:0x0000023c
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001fb828
size:0x00000358
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001fbb80
size:0x00000394
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001fbf14
size:0x00000398
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001fc2ac
size:0x000004c4
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001fc770
size:0x0000072c
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001fce9c
size:0x00000864
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001fd700
size:0x00000864
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001fdf64
size:0x000007cc
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001fe730
size:0x000008d4
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001ff004
size:0x00000a20
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x001ffa24
size:0x00000604
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00200028
size:0x00000508
name:RT_STRING
language:LANG_NEUTRAL
filetype:Hitachi SH big-endian COFF object, not stripped
sublanguage:SUBLANG_NEUTRAL
offset:0x00200530
size:0x000000a0
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x002005d0
size:0x000000d0
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x002006a0
size:0x000002bc
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0020095c
size:0x00000418
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00200d74
size:0x0000034c
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x002010c0
size:0x0000043c
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x002014fc
size:0x00000380
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0020187c
size:0x000003c0
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00201c3c
size:0x00000370
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00201fac
size:0x000000d4
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00202080
size:0x000000a4
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00202124
size:0x000002c4
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x002023e8
size:0x00000490
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00202878
size:0x00000334
name:RT_STRING
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00202bac
size:0x000002c4
name:RT_RCDATA
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00202e70
size:0x000082e8
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:Sendmail frozen configuration
sublanguage:SUBLANG_NEUTRAL
offset:0x0020b158
size:0x00000010
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0020b168
size:0x000006c4
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0020b82c
size:0x00000286
name:RT_GROUP_CURSOR
language:LANG_ENGLISH
filetype:Lotus 1-2-3
sublanguage:SUBLANG_ENGLISH_US
offset:0x0020bab4
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_ENGLISH
filetype:Lotus 1-2-3
sublanguage:SUBLANG_ENGLISH_US
offset:0x0020bac8
size:0x00000014
name:RT_GROUP_CURSOR
language:LANG_ENGLISH
filetype:Lotus 1-2-3
sublanguage:SUBLANG_ENGLISH_US
offset:0x0020badc
size:0x00000014
