VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load
6b16211eba51dc0a9be1289395c7d55b    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:6b16211eba51dc0a9be1289395c7d55b
file type:EXEx86
Submission time:2019-02-13 01:04:52
Threat level:malicious
MD5:6b16211eba51dc0a9be1289395c7d55b
sha256:6f8db6d12c44a83edb51d1de01286c720660b92c51aec5f1ff3e3650f14b9cb7
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains
ip:
domain:77v2p.hopto.org
dns
type:A
request:77v2p.hopto.org
http:0
Document release report
file name:server.exe
file type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
file size:252416
MD5:6b16211eba51dc0a9be1289395c7d55b
File process number report
Process details:0
                                  
Document behavior signature report
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
General behavior:This executable has a PDB path
Low risk behavior
General behavior:One or more processes crashed
Low risk behavior
System Environment Detection:Reads the active computer name
可疑行为
Network correlation:Connects to a Dynamic DNS Domain
可疑行为
Reverse Engineering:A process attempted to delay the analysis task.
可疑行为
Reverse Engineering:Checks if process is being debugged by a debugger
可疑行为
Reverse Engineering:Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
可疑行为
System Sensitive Operations:Creates executable files on the filesystem
可疑行为
System Sensitive Operations:Disables zone checking for all users
可疑行为
General behavior:Drops a binary and executes it
可疑行为
Information gathering:Contains functionality to retrieve information about pressed keystrokes
可疑行为
Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
可疑行为
System Sensitive Operations:Checks for the Locally Unique Identifier on the system for a suspicious privilege
高危行为
General behavior:Looks for the Windows Idle Time to determine the uptime
高危行为
System Sensitive Operations:Queues an APC in another process (thread injection)
高危行为
System Sensitive Operations:Attempts to modify Explorer settings to prevent hidden files from being displayed
Static information
PE section table information
Section name:.text
Virtual address:0x00002000
Physical address:0x00000200
Physical size:0x0003d000
Section permissions:R-E
Section name:.rsrc
Virtual address:0x00040000
Physical address:0x0003d200
Physical size:0x00000600
Section permissions:R--
Section name:.reloc
Virtual address:0x00042000
Physical address:0x0003d800
Physical size:0x00000200
Section permissions:R--
PE basic information
import_hash:f34d5f2d4577ed6d9ceec516c1f5a744
time_stamp:2018-11-19 19:10:25
entry_point_section:.text
entry_point_section:.text
image_base:0x400000
entry_point:0x3ef2e
PE resource information
name:RT_VERSION
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x000400a0
size:0x000002e0
name:RT_MANIFEST
language:LANG_NEUTRAL
filetype:XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
sublanguage:SUBLANG_NEUTRAL
offset:0x00040380
size:0x000001ea

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号