VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load
3b8a84fa27136144545727f5b9c37469    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:3b8a84fa27136144545727f5b9c37469
file type:EXEx86
Submission time:2019-01-27 09:48:26
Threat level:malicious
MD5:3b8a84fa27136144545727f5b9c37469
sha256:3130cae4d492bdf571e5a43fe6438ffe433efc6e98a9c29702e58e429e0bd769
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains
ip:68.183.239.233
domain:ax100.net
dns
type:A
request:ax100.net
http:0
hosts:2
hosts:6
Document release report
file name:budha.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
file size:55240
MD5:9f673f49e80a8bd7ae8468b8674837c1
File process number report
Process details:0
                        
Document behavior signature report
Low risk behavior
General behavior:Creates a writable file in a temporary directory
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Low risk behavior
System Environment Detection:Reads the active computer name
可疑行为
Reverse Engineering:Checks if process is being debugged by a debugger
可疑行为
System Sensitive Operations:Creates executable files on the filesystem
可疑行为
General behavior:Drops a binary and executes it
可疑行为
Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
可疑行为
Anti-detection Technology:Checks adapter addresses which can be used to detect virtual network interfaces
可疑行为
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
高危行为
Anti-detection Technology:A process created a hidden window
高危行为
General behavior:Creates a slightly modified copy of itself
Static information
PE section table information
Section name:.bss
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x00000000
Section permissions:RW-
Section name:.data
Virtual address:0x0000d000
Physical address:0x00000400
Physical size:0x00009000
Section permissions:RW-
Section name:.text
Virtual address:0x00016000
Physical address:0x00009400
Physical size:0x00003800
Section permissions:RWE
Section name:.idata
Virtual address:0x0001a000
Physical address:0x0000cc00
Physical size:0x00000200
Section permissions:RW-
Section name:.NewSec
Virtual address:0x0001b000
Physical address:0x0000ce00
Physical size:0x00000000
Section permissions:RWE
PE basic information
import_hash:17a4bd9c95f2898add97f309fc6f9bcd
time_stamp:2017-09-26 06:47:24
entry_point_section:.text
entry_point_section:.text
image_base:0x400000
entry_point:0x195ec
PE resource information

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号