VirSCAN

52e86bbcc8e6e024bef555bde8203aa2    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:52e86bbcc8e6e024bef555bde8203aa2
file type:EXEx86
Submission time:2019-01-20 16:41:34
Threat level:malicious
MD5:52e86bbcc8e6e024bef555bde8203aa2
sha256:1a038c8b46c28e54555d0b9d551ea078e8add88664db6be01fefc3660c36bb7a
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
udp:0
smtp:0
icmp:0
irc:0
hosts:0
Document release report
file name:ltuidgl.dll
file type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
file size:24064
MD5:d036dfe7f9f4a33b621284f3edd3aa0d
file name:hngfruf.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:137432
MD5:e6f769a1637619b317cfaef589a7292d
File process number report
Process details:A total of 2 processes were analyzed
Document behavior signature report
Low risk behavior
System Environment Detection:Queries for the computername
General behavior:Contains ability to find and load resources of a specific module
System Environment Detection:Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
System Environment Detection:Contains functionality to query system information
Suspicious behavior
Reverse Engineering:Checks if process is being debugged by a debugger
System Sensitive Operations:Creates executable files on the filesystem
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
High risk behavior
Persistence:Installs itself for autorun at Windows startup
Persistence:Installs itself in AppInit to inject into new processes
General behavior:Creates a slightly modified copy of itself
Static information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x0000225c
Section permissions:RWE
Section name:.bss
Virtual address:0x00004000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.data
Virtual address:0x00005000
Physical address:0x00002800
Physical size:0x0001dff4
Section permissions:RW-
Section name:.idata
Virtual address:0x00023000
Physical address:0x00020a00
Physical size:0x00000358
Section permissions:R--
Section name:.rsrc
Virtual address:0x00024000
Physical address:0x00020e00
Physical size:0x000005c4
Section permissions:R--
Section name:.reloc2
Virtual address:0x00025000
Physical address:0x00021400
Physical size:0x00000155
Section permissions:RW-
import_hash:db821b8c11ac13e850ef2fafb2bd83bf
time_stamp:2013-05-06 02:33:30
entry_point_section:.text
image_base:0x400000
entry_point:0x1219
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00024090
size:0x000002f6
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00024388
size:0x0000023c

Translated by Keith Miller, United States