fsm_v1_4r3_setup.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:fsm_v1_4r3_setup.exe
file type:EXEx86
Submission time:2019-01-12 00:00:40
Threat level:clean
MD5:6562a5b2ecccd1d92149921a3598b29d
sha256:81a913cfe008a5359c7fed514732eaec00736aace535dd7c653f81b3d1e4098a
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
hosts:2
hosts:1
hosts:4
hosts:7
hosts:7
Document release report
file name:setup1.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:249856
MD5:b9917fc4c836776765e311fff84dd534
file name:setup.lst
file type:ISO-8859 text, with CRLF line terminators
file size:4701
MD5:8a1d79ef1e1f0ca853d7a61e96e79a7f
file name:st6unst.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:73216
MD5:d422839c99927db561f5c019643eacec
file name:vb6stkit.dll
file type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
file size:101888
MD5:cff867572b44212b01b711c1fa009537
file name:st6unst.000
file type:ASCII text, with CRLF line terminators
file size:1611
MD5:1ea6c0f68e8b340f67d07dfc962136b1
file name:fsm.cab
file type:Microsoft Cabinet archive data, 2835859 bytes, 22 files
file size:2835859
MD5:604d14c3cf3441834620f910977d20d0
file name:setup.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:139776
MD5:ca4d56abba85c97023f2e236dc82c4aa
File process number report
Process details:0
                                      
Document behavior signature report
Low risk behavior
General behavior:Read or write ini files
Low risk behavior
General behavior:Creates a writable file in a temporary directory
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
General behavior:One or more processes crashed
Low risk behavior
System Environment Detection:Reads the active computer name
Suspicious behavior
General behavior:Accesses Audio hardware information via COM
Suspicious behavior
Anti-detection Technology:Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Suspicious behavior
Reverse Engineering:A process attempted to delay the analysis task.
Suspicious behavior
Reverse Engineering:Checks if process is being debugged by a debugger
Suspicious behavior
System Sensitive Operations:Creates executable files on the filesystem
Suspicious behavior
System Sensitive Operations:Disables application error messages (SetErrorMode)
Suspicious behavior
General behavior:Drops a binary and executes it
Suspicious behavior
Information gathering:Contains functionality to retrieve information about pressed keystrokes
Suspicious behavior
Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
Suspicious behavior
Suspicious behavior
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
Suspicious behavior
Information gathering:Queries sensitive IE security settings
Suspicious behavior
System Environment Detection:Scans for the windows taskbar (often used for explorer injection)
Suspicious behavior
Reverse Engineering:The executable is compressed using UPX
Static information
PE section table information
Section name:UPX0
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x00000000
Section permissions:RWE
Section name:UPX1
Virtual address:0x00029000
Physical address:0x00000400
Physical size:0x0000ec00
Section permissions:RWE
Section name:.rsrc
Virtual address:0x00038000
Physical address:0x0000f000
Physical size:0x00003400
Section permissions:RW-
PE basic information
import_hash:b602426ec706e7b23572160bb5b68285
time_stamp:2004-11-02 19:56:48
entry_point_section:UPX1
image_base:0x400000
entry_point:0x37aa0
PE resource information
name:RT_BITMAP
language:LANG_RUSSIAN
filetype:empty
sublanguage:SUBLANG_RUSSIAN
offset:0x0001c4b0
size:0x00014a7a
name:RT_ICON
language:LANG_RUSSIAN
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_RUSSIAN
offset:0x000384b4
size:0x00000468
name:RT_ICON
language:LANG_RUSSIAN
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_RUSSIAN
offset:0x00038920
size:0x00000468
name:RT_ICON
language:LANG_RUSSIAN
filetype:data
sublanguage:SUBLANG_RUSSIAN
offset:0x00038d8c
size:0x000010a8
name:RT_ICON
language:LANG_RUSSIAN
filetype:data
sublanguage:SUBLANG_RUSSIAN
offset:0x00039e38
size:0x000010a8
name:RT_DIALOG
language:LANG_RUSSIAN
filetype:data
sublanguage:SUBLANG_RUSSIAN
offset:0x0003394c
size:0x00000282
name:RT_DIALOG
language:LANG_RUSSIAN
filetype:data
sublanguage:SUBLANG_RUSSIAN
offset:0x00033bd0
size:0x0000013a
name:RT_DIALOG
language:LANG_RUSSIAN
filetype:data
sublanguage:SUBLANG_RUSSIAN
offset:0x00033d0c
size:0x000000e8
name:RT_DIALOG
language:LANG_RUSSIAN
filetype:data
sublanguage:SUBLANG_RUSSIAN
offset:0x00033df4
size:0x0000012e
name:RT_DIALOG
language:LANG_RUSSIAN
filetype:data
sublanguage:SUBLANG_RUSSIAN
offset:0x00033f24
size:0x00000338
name:RT_DIALOG
language:LANG_RUSSIAN
filetype:data
sublanguage:SUBLANG_RUSSIAN
offset:0x0003425c
size:0x00000222
name:RT_STRING
language:LANG_RUSSIAN
filetype:data
sublanguage:SUBLANG_RUSSIAN
offset:0x00034480
size:0x0000022c
name:RT_STRING
language:LANG_RUSSIAN
filetype:data
sublanguage:SUBLANG_RUSSIAN
offset:0x000346ac
size:0x00000376
name:RT_STRING
language:LANG_RUSSIAN
filetype:data
sublanguage:SUBLANG_RUSSIAN
offset:0x00034a24
size:0x00000212
name:RT_STRING
language:LANG_RUSSIAN
filetype:Dyalog APL
sublanguage:SUBLANG_RUSSIAN
offset:0x00034c38
size:0x0000027e
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:MPEG ADTS, layer II, v1, 384 kbps, 32 kHz, Monaural
sublanguage:SUBLANG_NEUTRAL
offset:0x00034eb8
size:0x00000010
name:RT_GROUP_ICON
language:LANG_RUSSIAN
filetype:MS Windows icon resource - 4 icons, 16x16, 256-colors
sublanguage:SUBLANG_RUSSIAN
offset:0x0003aee4
size:0x0000003e
name:RT_MANIFEST
language:LANG_RUSSIAN
filetype:XML document text
sublanguage:SUBLANG_RUSSIAN
offset:0x0003af28
size:0x00000213
