VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.

52e198eefd727db66871067497a897ea    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:52e198eefd727db66871067497a897ea
file type:EXE x86
Submission time:2018-12-11 05:28:14
Threat level:malicious
MD5:52e198eefd727db66871067497a897ea
sha256:8aac8ea3d51592f90f957c94e5cd2f1d165f689d23d903b1ab93aa025da0636d
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
No determination from the intelligence decision system
Network behavior report
domains
ip:109.164.3.167
domain:microsofwin.sytes.net
dns
type:A
request:microsofwin.sytes.net
http:0
udp:0
smtp:0
icmp:0
irc:0
hosts:0
Dropped file report
No dropped files detected
File process number report
Process details:1 process analyzed in total
Document behavior signature report
Low risk behavior:System Environment Detection:Contains functionality to query system information
Low risk behavior:System Environment Detection:Contains ability to query machine timezone
Low risk behavior:General behavior:One or more processes crashed
Low risk behavior:System Environment Detection:Reads the active computer name
Suspicious behavior:Network correlation:Connects to a Dynamic DNS Domain
Suspicious behavior:Reverse Engineering:Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Suspicious behavior:General behavior:Potential time zone aware malware
Suspicious behavior:Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
Suspicious behavior:Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
Suspicious behavior:General behavior:Reads terminal service related keys (often RDP related)
High risk behavior:System Environment Detection:Checks the CPU name from registry, possibly for anti-virtualization
High risk behavior:Reverse Engineering:Checks if process is being debugged by a debugger
High risk behavior:Information gathering:Creates a windows hook that monitors keyboard input (keylogger)
High risk behavior:Information gathering:Installs a message hook
Static information
Section name:.text
Virtual address:0x00002000
Physical address:0x00000400
Physical size:0x000a8c00
Section permissions:R-E
Section name:.sdata
Virtual address:0x000ac000
Physical address:0x000a9000
Physical size:0x00000200
Section permissions:RW-
Section name:.rsrc
Virtual address:0x000ae000
Physical address:0x000a9200
Physical size:0x00000c00
Section permissions:R--
Section name:.reloc
Virtual address:0x000b0000
Physical address:0x000a9e00
Physical size:0x00000200
Section permissions:R--
import_hash:f34d5f2d4577ed6d9ceec516c1f5a744
time_stamp:2018-12-08 02:06:44
entry_point_section:.text
image_base:0x400000
entry_point:0xaaace
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x000ae160
size:0x000002e8
name:RT_ICON
language:LANG_NEUTRAL
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_NEUTRAL
offset:0x000ae448
size:0x00000128
name:RT_GROUP_ICON
language:LANG_NEUTRAL
filetype:MS Windows icon resource - 2 icons, 32x32, 16-colors
sublanguage:SUBLANG_NEUTRAL
offset:0x000ae570
size:0x00000022
name:RT_VERSION
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x000ae594
size:0x00000300
name:RT_MANIFEST
language:LANG_NEUTRAL
filetype:XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
sublanguage:SUBLANG_NEUTRAL
offset:0x000ae894
size:0x000001ea
