52eba23782aba62b235fcb648e2ec5c0    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:52eba23782aba62b235fcb648e2ec5c0
file type:EXEx86
Submission time:2019-01-30 18:04:56
Threat level:malicious
MD5:52eba23782aba62b235fcb648e2ec5c0
sha256:8da896e622a3dbf0bbeb88de4c36caaad56cb942091f0236b0c70e843b48e72d
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
udp:0
smtp:0
icmp:0
irc:0
hosts:0
Document release report
file name:~DF1E6C2F9583AB4608.TMP
file type:Composite Document File V2 Document, No summary info
file size:3072
MD5:b48aa1768ecd04c44ade461f0ead5134
file name:scsBB31.tmp
file type:ASCII text, with CRLF line terminators
file size:174
MD5:1d08020decc6aa416883dea43d77600d
file name:scsBB52.tmp
file type:DOS batch file, ASCII text, with CRLF line terminators
file size:139
MD5:4c361dea398f7aeef49953bdc0ab4a9b
file name:.exe
file type:MS-DOS executable
file size:1478815
MD5:0d5202c3a095f1df21f9f59cc2898891
File process number report
Process details:2 processes analyzed in total
Document behavior signature report
Low risk behavior
General behavior:Read or write ini files
Suspicious behavior0
High risk behavior0
Low risk behavior
System Environment Detection:Queries for the computername
Suspicious behavior0
High risk behavior0
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Suspicious behavior0
High risk behavior0
Low risk behavior
System Environment Detection:Contains functionality to query system information
Suspicious behavior0
High risk behavior0
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Suspicious behavior0
High risk behavior0
Low risk behavior
System Environment Detection:Contains ability to query machine timezone
Suspicious behavior0
High risk behavior0
Low risk behavior
System Environment Detection:Contains functionality to query the account / user name
Suspicious behavior0
High risk behavior0
Low risk behavior
General behavior:One or more processes crashed
Suspicious behavior0
High risk behavior0
Low risk behavior0
Suspicious behavior
Reverse Engineering:Checks for the presence of known windows from debuggers and forensic tools
High risk behavior0
Low risk behavior0
Suspicious behavior
Reverse Engineering:Checks if process is being debugged by a debugger
High risk behavior0
Low risk behavior0
Suspicious behavior
Static File Characteristics:Creates executable files without a name
High risk behavior0
Low risk behavior0
Suspicious behavior
System Sensitive Operations:Creates executable files on the filesystem
High risk behavior0
Low risk behavior0
Suspicious behavior
System Sensitive Operations:Disables application error messages (SetErrorMode)
High risk behavior0
Low risk behavior0
Suspicious behavior
General behavior:Contains functionality to enum modules
High risk behavior0
Low risk behavior0
Suspicious behavior
General behavior:Potential time zone aware malware
High risk behavior0
Low risk behavior0
Suspicious behavior
Information gathering:Contains functionality to retrieve information about pressed keystrokes
High risk behavior0
Low risk behavior0
Suspicious behavior
High risk behavior0
Low risk behavior0
Suspicious behavior
Static File Characteristics:PE file has nameless sections
High risk behavior0
Low risk behavior0
Suspicious behavior
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
High risk behavior0
Low risk behavior0
Suspicious behavior0
High risk behavior
System Sensitive Operations:Creates an executable file in a user folder
Static information
Section name:
Virtual address:0x00001000
Physical address:0x00001000
Physical size:0x0000f000
Section permissions:RWE
Section name:
Virtual address:0x0002c000
Physical address:0x00010000
Physical size:0x00000000
Section permissions:RWE
Section name:
Virtual address:0x0002e000
Physical address:0x00010000
Physical size:0x0000a000
Section permissions:RWE
Section name:.rsrc
Virtual address:0x0003e000
Physical address:0x0001a000
Physical size:0x0000a000
Section permissions:RWE
Section name:
Virtual address:0x00048000
Physical address:0x00024000
Physical size:0x0002c000
Section permissions:RWE
Section name:.data
Virtual address:0x002c6000
Physical address:0x00050000
Physical size:0x000d6000
Section permissions:RWE
import_hash:37c6c0cc4d20c311c793c6b743da8942
time_stamp:2011-06-15 03:01:16
entry_point_section:
image_base:0x400000
entry_point:0x64d2
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0003e2f8
size:0x00000cd0
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0003e2f8
size:0x00000cd0
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0003e2f8
size:0x00000cd0
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0003e2f8
size:0x00000cd0
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0003e2f8
size:0x00000cd0
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0003e2f8
size:0x00000cd0
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0003e2f8
size:0x00000cd0
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0003e2f8
size:0x00000cd0
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0003e2f8
size:0x00000cd0
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0003e2f8
size:0x00000cd0
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0003e2f8
size:0x00000cd0
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0003e2f8
size:0x00000cd0
name:RT_GROUP_ICON
language:LANG_NEUTRAL
filetype:MS Windows icon resource - 12 icons, 32x32, 256-colors
sublanguage:SUBLANG_NEUTRAL
offset:0x00047cb8
size:0x000000ae
name:RT_VERSION
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00047d68
size:0x000001f4
