1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
Language
Server load
1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
| Virscan.org multi-engine scan report |
| Basic Information | |
|---|---|
| file name: | 3c0bdf2fc8f7535a3229f2739bdd3245 |
| file type: | EXEx86 |
| Submission time: | 2019-02-12 01:05:03 |
| Threat level: | malicious |
| MD5: | 3c0bdf2fc8f7535a3229f2739bdd3245 |
| sha256: | fad05161af993c5178c2d09594ff525863a6c3076c6dd49d08a7a842da21cb61 |
| Document Threat Intelligence IOC Report | |
|---|---|
| No intelligence IOC detected | |
| Intelligence decision system | |
|---|---|
| Undetected intelligence determination system | |
| Network behavior report | |
|---|---|
| domains: | 0 |
| dns: | 0 |
| http: | 0 |
| hosts: | 1 |
| hosts: | 1 |
| hosts: | 6 |
| Document release report | |
|---|---|
| file name: | java.exe |
| file type: | empty |
| file size: | 0 |
| MD5: | d41d8cd98f00b204e9800998ecf8427e |
| file name: | esvmrn.log |
| file type: | data |
| file size: | 1184 |
| MD5: | bd100464f29e689400a9629354032bcc |
| file name: | services.exe |
| file type: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| file size: | 8192 |
| MD5: | b0fe74719b1b647e2056641931907f4a |
| file name: | zincite.log |
| file type: | data |
| file size: | 1184 |
| MD5: | f6540ef18e101263a8333c3c789cc849 |
| File process number report | |
|---|---|
| Process details: | 0 |
| Document behavior signature report | |
|---|---|
| Low risk behavior | |
| General behavior: | Creates a writable file in a temporary directory |
| Low risk behavior | |
| General behavior: | Creates install or setup log file |
| Low risk behavior | |
| System Environment Detection: | Contains functionality to query system information |
| Low risk behavior | |
| Static File Characteristics: | Found potential IP address or url in binary/memory |
| Low risk behavior | |
| System Environment Detection: | Reads the active computer name |
| 可疑行为 | |
| General behavior: | Requested access to a system service |
| 可疑行为 | |
| Reverse Engineering: | A process attempted to delay the analysis task. |
| 可疑行为 | |
| Network correlation: | Contains functionality to open a port and listen for incoming connection (possibly a backdoor) |
| 可疑行为 | |
| System Sensitive Operations: | Copy itself to other directories |
| 可疑行为 | |
| System Sensitive Operations: | Creates executable files on the filesystem |
| 可疑行为 | |
| Network correlation: | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| 可疑行为 | |
| General behavior: | Marks file for deletion |
| 可疑行为 | |
| Anti-detection Technology: | Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available |
| 可疑行为 | |
| System Environment Detection: | Contains functionality to search for IE or Outlook window (often done to steal information) |
| 可疑行为 | |
| Reverse Engineering: | The executable is compressed using UPX |
| 高危行为 | |
| Persistence: | Installs itself for autorun at Windows startup |
| 高危行为 | |
| Anti-detection Technology: | Drops files with a known system name (to hide its detection) |
| 高危行为 | |
| 高危行为 | |
| System Sensitive Operations: | Modifies file/console tracing settings (often used to hide footprints on system) |
| Static information | |
|---|---|
| PE section table information | |
| Section name: | UPX0 |
| Virtual address: | 0x00001000 |
| Physical address: | 0x00000400 |
| Physical size: | 0x00006a00 |
| Section permissions: | RWE |
| Section name: | UPX1 |
| Virtual address: | 0x00009000 |
| Physical address: | 0x00006e00 |
| Physical size: | 0x00006000 |
| Section permissions: | RWE |
| Section name: | .rsrc |
| Virtual address: | 0x0000f000 |
| Physical address: | 0x0000ce00 |
| Physical size: | 0x00000800 |
| Section permissions: | RW- |
| Section name: | .imports |
| Virtual address: | 0x00010000 |
| Physical address: | 0x0000d600 |
| Physical size: | 0x00000600 |
| Section permissions: | RW- |
| PE basic information | |
| import_hash: | 7ee89a85ea0ffd700fd28e6cfa3d968f |
| time_stamp: | 1970-01-01 08:00:00 |
| entry_point_section: | UPX0 |
| entry_point_section: | UPX0 |
| image_base: | 0x500000 |
| entry_point: | 0x3280 |
| PE resource information | |
| name: | RT_ICON |
| language: | LANG_ENGLISH |
| filetype: | data |
| sublanguage: | SUBLANG_ENGLISH_US |
| offset: | 0x0000f0d8 |
| size: | 0x000002e8 |
| name: | RT_ICON |
| language: | LANG_ENGLISH |
| filetype: | GLS_BINARY_LSB_FIRST |
| sublanguage: | SUBLANG_ENGLISH_US |
| offset: | 0x0000f3c4 |
| size: | 0x00000128 |
| name: | RT_GROUP_ICON |
| language: | LANG_ENGLISH |
| filetype: | MS Windows icon resource - 2 icons, 32x32, 16-colors |
| sublanguage: | SUBLANG_ENGLISH_US |
| offset: | 0x0000f4f0 |
| size: | 0x00000022 |
HOME
