mini-KMS_Activator_v1.3_Office2010_VL_ENG.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:mini-KMS_Activator_v1.3_Office2010_VL_ENG.exe
file type:EXEx86
Submission time:2018-10-20 03:00:19
Threat level:malicious
MD5:be7563a984dc5168ce14181b90432859
sha256:e9045c4012cdfd4f2911db303478527e2006aa3b148dfdbacae85b4ee3b52e5e
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
Document release report
file name:4504.tmp
file type:empty
file size:0
MD5:d41d8cd98f00b204e9800998ecf8427e
file name:apm2137.tmp
file type:Lotus 1-2-3
file size:13942
MD5:7f048ebf832f4c72ca92e7d97b0f566e
file name:apm234C.tmp
file type:Lotus 1-2-3
file size:13942
MD5:f4ac318a68081b2d2d7dd817dfde5f0b
file name:ospp.vbs
file type:ASCII text, with CRLF line terminators
file size:49377
MD5:be4c7de95be73e8a83ff9b3189a93e00
file name:portqry.exe
file type:PE32 executable (console) Intel 80386, for MS Windows
file size:143360
MD5:c6ac67f4076ca431acc575912c194245
file name:choice.exe
file type:PE32 executable (console) Intel 80386, for MS Windows
file size:36864
MD5:a704d22d57b62553e27ad261276b0625
file name:help.txt
file type:Non-ISO extended-ASCII text, with CRLF line terminators
file size:11777
MD5:09a15be2b1af5abe0b4abd4690c79f24
file name:slerror.xml
file type:ASCII text, with CRLF line terminators
file size:33019
MD5:df1ef05879e06c5f09f3e1022f37b5cb
file name:autorun.apm
file type:data
file size:198103
MD5:748f99ec78fc9e2e3bba87c6441dfd0e
file name:ospprearm.exe
file type:PE32 executable (console) Intel 80386, for MS Windows
file size:14176
MD5:7ffae006610a85317fbb092a2d65d1a9
file name:cscript.exe
file type:PE32 executable (console) Intel 80386, for MS Windows
file size:153088
MD5:34098403f9d8f71ce2ec749122168e89
file name:hidcon.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:2048
MD5:b2dadab18c318443301d0087cd7200ba
file name:srvany.exe
file type:PE32 executable (console) Intel 80386, for MS Windows
file size:8192
MD5:4635935fc972c582632bf45c26bfcb0e
file name:hs_message.vbs
file type:ASCII text, with CRLF line terminators
file size:796
MD5:af0559e0301b2f75fa7ce812c5296de8
file name:service.inf
file type:ASCII text, with CRLF line terminators
file size:1012
MD5:9ee35b92ce83972e9d38f57b6b885057
file name:osppc.dll
file type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
file size:127232
MD5:1d9c3d7a1f8838e6280fa3f7d1fe4ed8
file name:autorun.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:1512448
MD5:c98d6abc5ae3fcd85f2ae09d95f584cb
file name:run.cmd
file type:DOS batch file, ASCII text, with CRLF line terminators
file size:1130
MD5:0b851d375a6a8a8b04431d9635371f85
file name:kmservice.exe
file type:PE32 executable (console) Intel 80386, for MS Windows
file size:151552
MD5:bca43e19e7013331d99ff788ea6b42a0
file name:apm1c74.tmp
file type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
file size:149504
MD5:3d4839228c7ee77e28832879eeb17340
file name:scripts.cmd
file type:DOS batch file, ASCII text, with CRLF line terminators
file size:18053
MD5:88b8672ec7546cb73efafca3f2d67513
File process number report
Process details:0
Document behavior signature report
Low risk behavior
General behavior:Creates a writable file in a temporary directory
Low risk behavior
General behavior:Creates mutexes
Low risk behavior
System Sensitive Operations:Dropped files
Low risk behavior
General behavior:Contains functionality to enumerate / list files inside a directory
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
Static File Characteristics:PE file contains zero-size sections
Low risk behavior
Static File Characteristics:The executable uses a known packer
Low risk behavior
System Environment Detection:Reads the active computer name
Low risk behavior
General behavior:Reads Windows Trust Settings
Suspicious behavior
System Sensitive Operations:Allocates read-write-execute memory (usually to unpack itself)
Suspicious behavior
System Sensitive Operations:Creates executable files on the filesystem
Suspicious behavior
System Sensitive Operations:Disables application error messages (SetErrorMode)
Suspicious behavior
General behavior:Drops a binary and executes it
Suspicious behavior
Information gathering:Contains functionality to retrieve information about pressed keystrokes
Suspicious behavior
Static File Characteristics:May infect USB drives
Suspicious behavior
Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
Suspicious behavior
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
Suspicious behavior
Information gathering:Queries sensitive IE security settings
Suspicious behavior
Information gathering:Reads software policies
Suspicious behavior
General behavior:Reads terminal service related keys (often RDP related)
Suspicious behavior
Reverse Engineering:The executable is compressed using UPX
High-risk behavior
General behavior:Creates an Alternate Data Stream (ADS)
High-risk behavior
Anti-detection Technology:A process created a hidden window
Static information
PE section table information
Section name:UPX0
Virtual address:0x00001000
Physical address:0x00000200
Physical size:0x00000000
Section permissions:RWE
Section name:UPX1
Virtual address:0x00178000
Physical address:0x00000200
Physical size:0x000f7200
Section permissions:RWE
Section name:.rsrc
Virtual address:0x00270000
Physical address:0x000f7400
Physical size:0x00007400
Section permissions:RW-
PE basic information
import_hash:26d3c4cf36a46cd980f89d55afb73146
time_stamp:2009-02-07 14:33:08
entry_point_section:UPX1
image_base:0x400000
entry_point:0x26e620
PE resource information
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x002703a0
size:0x00000ea8
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0027124c
size:0x000008a8
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00271af8
size:0x000006c8
name:RT_ICON
language:LANG_NEUTRAL
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_NEUTRAL
offset:0x002721c4
size:0x00000568
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00272730
size:0x000025a8
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00274cdc
size:0x000010a8
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00275d88
size:0x00000988
name:RT_ICON
language:LANG_NEUTRAL
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_NEUTRAL
offset:0x00276714
size:0x00000468
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00012b5c
size:0x0000046a
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:empty
sublanguage:SUBLANG_NEUTRAL
offset:0x00012fc8
size:0x00259213
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0026c1dc
size:0x0000012b
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0026c308
size:0x00000007
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0026c310
size:0x00000006
name:RT_GROUP_ICON
language:LANG_NEUTRAL
filetype:MS Windows icon resource - 8 icons, 48x48, 256-colors
sublanguage:SUBLANG_NEUTRAL
offset:0x00276b80
size:0x00000076
name:RT_VERSION
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00276bfc
size:0x000002fc
name:RT_MANIFEST
language:LANG_NEUTRAL
filetype:XML document text
sublanguage:SUBLANG_NEUTRAL
offset:0x00276efc
size:0x0000029c