3b54b36900f70433071a97f49eba18e8    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:3b54b36900f70433071a97f49eba18e8
file type:EXEx86
Submission time:2019-02-12 01:03:04
Threat level:malicious
MD5:3b54b36900f70433071a97f49eba18e8
sha256:46266626a5cb73323836fd57a213dd4b00e558fa99c49c98a3ca90e368af5661
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
Document release report
file name:20519890.dat
file type:data
file size:4
MD5:4352d88a78aa39750bf70cd6f27bcaa5
file name:jusched.exe.delme20520
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:1447908
MD5:90c4e7487f600a6504c560ced5db37e4
file name:wmpscfgs .exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:1475972
MD5:8904f803c5eade8c76a86746eff9ae18
file name:wmpscfgs.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:1481812
MD5:cbf41254ad125447d355a272e9c662cf
file name:acrotray.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:1452244
MD5:8e52aac9c9ccb67e8586539e60bed4b5
file name:acrotray .exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:1453008
MD5:71506ec1947271e170e30f90c424efa7
file name:jusched.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:1482240
MD5:f58961471c2ed750e78edc2ae7c458ea
file name:wmpscfgs.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:1496712
MD5:5dd8f0c75c22eb7f1472171c933f53ae
File process number report
Process details:0
                  
Document behavior signature report
Low risk behavior
General behavior:Creates a writable file in a temporary directory
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Low risk behavior
General behavior:One or more processes crashed
Suspicious behavior
System Sensitive Operations:Creates executable files on the filesystem
Suspicious behavior
General behavior:Drops a binary and executes it
Suspicious behavior
System Sensitive Operations:Contains functionality to enum processes or threads
Suspicious behavior
Suspicious behavior
System Sensitive Operations:Checks for the Locally Unique Identifier on the system for a suspicious privilege
Suspicious behavior
General behavior:Reads terminal service related keys (often RDP related)
High risk behavior
Persistence:Installs itself for autorun at Windows startup
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x00006400
Section permissions:R-E
Section name:.rdata
Virtual address:0x00008000
Physical address:0x00006800
Physical size:0x00000a00
Section permissions:R--
Section name:.data
Virtual address:0x00009000
Physical address:0x00007200
Physical size:0x00007400
Section permissions:RW-
PE basic information
import_hash:53b338a5a343440770be2403e59415fb
time_stamp:2009-12-12 05:31:37
entry_point_section:.text
image_base:0x400000
entry_point:0x38fc
PE resource information
