VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

533556f7c99a3a690e691e9178e29df6    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:533556f7c99a3a690e691e9178e29df6
file type:EXEx86
Submission time:2018-12-15 17:06:17
Threat level:malicious
MD5:533556f7c99a3a690e691e9178e29df6
sha256:29be887eec5f2ee42369b983c65fdd1d0d82806126b0e9f14f4eea27927f4373
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
udp:0
smtp:0
icmp:0
irc:0
hosts:0
Document release report
file name:nettcpactivator.exe
file type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
file size:77312
MD5:0c86a92eec4035810446c931350ab20a
File process number report
Process details:1 process analyzed in total
Document behavior signature report
Low risk behavior
System Environment Detection:Queries for the computername
System Environment Detection:Contains functionality to query system information
Suspicious behavior
General behavior:Requested access to a system service
System Sensitive Operations:Copy itself to other directories
System Sensitive Operations:Creates executable files on the filesystem
System Sensitive Operations:Contains functionality to enum processes or threads
General behavior:Expresses interest in specific running processes
General behavior:Reads terminal service related keys (often RDP related)
High risk behavior
Persistence:Autorun at Windows startup by creating service
Static information
Section name   Virtual address   Physical address   Physical size   Section permissions
.text          0x00001000        0x00000400         0x00000c00      R-E
.data          0x00002000        0x00001000         0x00000200      RW-
.rdata         0x00003000        0x00001200         0x00011400      R--
.bss           0x00015000        0x00000000         0x00000000      RW-
.idata         0x00016000        0x00012600         0x00000400      RW-
.rsrc          0x00017000        0x00012a00         0x00000400      RW-
import_hash:19cbea25ef6a4fcddb612e7cf2e6b263
time_stamp:2013-08-28 11:02:44
entry_point_section:.text
image_base:0x400000
entry_point:0x1130
name:RT_MANIFEST
language:LANG_ENGLISH
filetype:ASCII text, with CRLF line terminators
sublanguage:SUBLANG_ENGLISH_US
offset:0x00017058
size:0x000001aa
