VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load
魔方.vmp.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:魔方.vmp.exe
file type:EXEx86
Submission time:2019-01-11 23:00:22
Threat level:suspicious
MD5:aff1c7a7dfd0e9d9c69745528dd9d14a
sha256:fc5562b4bd610e9d6b0c3e1b3e1e6b05d2c16eae0a7b879a8da81ba4c816fe3e
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
hosts:1
hosts:2
hosts:2
hosts:1
Document release report
File release report not detected
File process number report
Process details:0
                            
Document behavior signature report
Low risk behavior
General behavior:Read or write ini files
Low risk behavior
Static File Characteristics:PE file has a big raw section
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Low risk behavior
System Environment Detection:Contains ability to query machine timezone
可疑行为
Network correlation:Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
可疑行为
System Sensitive Operations:Contains functionality to enum processes or threads
可疑行为
General behavior:Potential time zone aware malware
可疑行为
Information gathering:Contains functionality to retrieve information about pressed keystrokes
可疑行为
可疑行为
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
可疑行为
System Sensitive Operations:Checks for the Locally Unique Identifier on the system for a suspicious privilege
可疑行为
Static File Characteristics:Public key (encryption) found
可疑行为
Reverse Engineering:The executable is likely packed with VMProtect
高危行为
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R-E
Section name:.rdata
Virtual address:0x000b8000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R--
Section name:.data
Virtual address:0x000f2000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.vmp0
Virtual address:0x0012c000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R-E
Section name:.vmp1
Virtual address:0x008ac000
Physical address:0x00001000
Physical size:0x00a18000
Section permissions:R-E
Section name:.rsrc
Virtual address:0x012c4000
Physical address:0x00a19000
Physical size:0x00002000
Section permissions:R--
PE basic information
import_hash:ae2441f7527e6489d8427ee4558a368b
time_stamp:2019-01-11 16:24:15
entry_point_section:.vmp1
entry_point_section:.vmp1
image_base:0x400000
entry_point:0xa981cd
PE resource information
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x012c41ac
size:0x000002e8
name:RT_ICON
language:LANG_CHINESE
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x012c4494
size:0x00000128
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x012c45bc
size:0x000010a8
name:RT_GROUP_ICON
language:LANG_NEUTRAL
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_NEUTRAL
offset:0x012c5664
size:0x00000014
name:RT_VERSION
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x012c5678
size:0x00000240
name:RT_MANIFEST
language:LANG_NEUTRAL
filetype:XML document text
sublanguage:SUBLANG_NEUTRAL
offset:0x012c58b8
size:0x000001cd

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号