VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load
11.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:11.exe
file type:EXEx86
Submission time:2019-02-13 01:04:55
Threat level:clean
MD5:a70e1856e191609467e53c7016c7ace4
sha256:74247c8f765ffd22e2fd007c26197ecb9ffbc452f35c28de260ae4b379e971d6
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains
ip:180.97.33.108
domain:www.baidu.com
dns
type:A
request:www.baidu.com
http:0
hosts:1
Document release report
File release report not detected
File process number report
Process details:0
                              
Document behavior signature report
Low risk behavior
General behavior:Command line console output was observed
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
General behavior:This executable has a PDB path
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Low risk behavior
System Environment Detection:Contains functionality to query the account / user name
可疑行为
General behavior:Requested access to a system service
可疑行为
Network correlation:Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
可疑行为
System Environment Detection:Queries physical drive (often used to detect virtual machines)
可疑行为
Information gathering:Queries the internet cache settings (often used to hide footprints in index.dat or internet cache)
可疑行为
System Environment Detection:Scans for the windows taskbar (often used for explorer injection)
高危行为
System Sensitive Operations:Disables proxy possibly for traffic interception
高危行为
System Environment Detection:Queries information on disks, possibly for anti-virtualization
高危行为
System Sensitive Operations:Set file attributes to hidden
高危行为
System Sensitive Operations:Modifies file/console tracing settings (often used to hide footprints on system)
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x00017400
Section permissions:R-E
Section name:.rdata
Virtual address:0x00019000
Physical address:0x00017800
Physical size:0x00007400
Section permissions:R--
Section name:.data
Virtual address:0x00021000
Physical address:0x0001ec00
Physical size:0x00000a00
Section permissions:RW-
Section name:.rsrc
Virtual address:0x00025000
Physical address:0x0001f600
Physical size:0x00032200
Section permissions:R--
Section name:.reloc
Virtual address:0x00058000
Physical address:0x00051800
Physical size:0x00001200
Section permissions:R--
PE basic information
import_hash:c68847b894560bb170e1713ee69d1706
time_stamp:2019-02-13 00:43:53
entry_point_section:.text
entry_point_section:.text
image_base:0x400000
entry_point:0x5423
PE resource information
name:RT_BITMAP
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00035970
size:0x00021688
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00025130
size:0x00010828
name:RT_GROUP_ICON
language:LANG_CHINESE
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00035958
size:0x00000014
name:RT_MANIFEST
language:LANG_ENGLISH
filetype:XML 1.0 document text
sublanguage:SUBLANG_ENGLISH_US
offset:0x00056ff8
size:0x0000017d

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号