VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load
KLTextCrypt.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Behavior analysis report:         Habo file analysis
Basic Information
file name:KLTextCrypt.exe
file type:EXEx86
Submission time:2018-12-18 13:30:07
Threat level:malicious
MD5:42cea807cbe23586c954f87c56b64d63
sha256:c2e855313a54d7876244e384578c724f844e9afb01af2ac8ae9fb17d79d44112
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
hosts:4
Document release report
file name:px9EC0.tmp
file type:empty
file size:0
MD5:d41d8cd98f00b204e9800998ecf8427e
file name:c2e855313a54d7876244e384578c724f844e9afb01af2ac8ae9fb17d79d44112srv.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
file size:56320
MD5:ff5e1f27193ce51eec318714ef038bef
File process number report
Process details:0
Document behavior signature report
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00001000
Physical size:0x0001e000
Section permissions:R-E
Section name:.rdata
Virtual address:0x0001f000
Physical address:0x0001f000
Physical size:0x00006000
Section permissions:R--
Section name:.data
Virtual address:0x00025000
Physical address:0x00025000
Physical size:0x00006000
Section permissions:RW-
Section name:.rsrc
Virtual address:0x0003c000
Physical address:0x0002b000
Physical size:0x00005000
Section permissions:R--
Section name:.rmnet
Virtual address:0x00041000
Physical address:0x00030000
Physical size:0x0000f000
Section permissions:RWE
PE basic information
import_hash:487fd70919de97ff159816b87ff74e7f
time_stamp:2007-07-31 20:32:42
entry_point_section:.rmnet
entry_point_section:.rmnet
image_base:0x400000
entry_point:0x41000
PE resource information
name:RT_CURSOR
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003d9d0
size:0x00000134
name:RT_CURSOR
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003db08
size:0x000000b4
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003dbe8
size:0x000005e4
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003e2b8
size:0x000000b8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003e370
size:0x0000016c
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003e4e0
size:0x00000144
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003c720
size:0x000002e8
name:RT_ICON
language:LANG_ENGLISH
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003ca08
size:0x00000128
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003cb58
size:0x000000ca
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003cc28
size:0x00000186
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003d068
size:0x00000332
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003cdb0
size:0x000002b8
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003d3a0
size:0x00000218
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003e1d0
size:0x000000e8
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003e628
size:0x00000054
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003e680
size:0x000006ca
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003ed98
size:0x000000b8
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003ed50
size:0x00000046
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003ee50
size:0x00000082
name:RT_STRING
language:LANG_ENGLISH
filetype:dBase IV DBT of i.DBF, blocks size 4718630, next free block index 327680
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003eed8
size:0x0000002a
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003ef08
size:0x0000014a
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003f058
size:0x000004e2
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003f8d0
size:0x000002a2
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003f5f0
size:0x000002dc
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003f540
size:0x000000ac
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x000402a8
size:0x000000de
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003fb78
size:0x000004c4
name:RT_STRING
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00040040
size:0x00000264
name:RT_STRING
language:LANG_ENGLISH
filetype:dBase IV DBT of e.DBF, blocks size 7864425, next free block index 7340038
sublanguage:SUBLANG_ENGLISH_US
offset:0x00040388
size:0x0000002c
name:RT_GROUP_CURSOR
language:LANG_ENGLISH
filetype:Lotus 1-2-3
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003dbc0
size:0x00000022
name:RT_GROUP_ICON
language:LANG_ENGLISH
filetype:MS Windows icon resource - 2 icons, 32x32, 16-colors
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003cb30
size:0x00000022
name:RT_VERSION
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003d620
size:0x000003b0
name:None
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0003d5b8
size:0x00000064

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号