VirSCAN

3c0bdf2fc8f7535a3229f2739bdd3245    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:3c0bdf2fc8f7535a3229f2739bdd3245
file type:EXEx86
Submission time:2019-02-12 01:05:03
Threat level:malicious
MD5:3c0bdf2fc8f7535a3229f2739bdd3245
sha256:fad05161af993c5178c2d09594ff525863a6c3076c6dd49d08a7a842da21cb61
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
hosts:1
hosts:1
hosts:6
Document release report
file name:java.exe
file type:empty
file size:0
MD5:d41d8cd98f00b204e9800998ecf8427e
file name:esvmrn.log
file type:data
file size:1184
MD5:bd100464f29e689400a9629354032bcc
file name:services.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
file size:8192
MD5:b0fe74719b1b647e2056641931907f4a
file name:zincite.log
file type:data
file size:1184
MD5:f6540ef18e101263a8333c3c789cc849
File process number report
Process details:0
                                    
Document behavior signature report
Low risk behavior
General behavior:Creates a writable file in a temporary directory
Low risk behavior
General behavior:Creates install or setup log file
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Low risk behavior
System Environment Detection:Reads the active computer name
Suspicious behavior
General behavior:Requested access to a system service
Suspicious behavior
Reverse Engineering:A process attempted to delay the analysis task.
Suspicious behavior
Network correlation:Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Suspicious behavior
System Sensitive Operations:Copy itself to other directories
Suspicious behavior
System Sensitive Operations:Creates executable files on the filesystem
Suspicious behavior
Network correlation:Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
Suspicious behavior
General behavior:Marks file for deletion
Suspicious behavior
Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
Suspicious behavior
System Environment Detection:Contains functionality to search for IE or Outlook window (often done to steal information)
Suspicious behavior
Reverse Engineering:The executable is compressed using UPX
High risk behavior
Persistence:Installs itself for autorun at Windows startup
High risk behavior
Anti-detection Technology:Drops files with a known system name (to hide its detection)
High risk behavior
High risk behavior
System Sensitive Operations:Modifies file/console tracing settings (often used to hide footprints on system)
Static information
PE section table information
Section name:UPX0
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x00006a00
Section permissions:RWE
Section name:UPX1
Virtual address:0x00009000
Physical address:0x00006e00
Physical size:0x00006000
Section permissions:RWE
Section name:.rsrc
Virtual address:0x0000f000
Physical address:0x0000ce00
Physical size:0x00000800
Section permissions:RW-
Section name:.imports
Virtual address:0x00010000
Physical address:0x0000d600
Physical size:0x00000600
Section permissions:RW-
PE basic information
import_hash:7ee89a85ea0ffd700fd28e6cfa3d968f
time_stamp:1970-01-01 08:00:00
entry_point_section:UPX0
image_base:0x500000
entry_point:0x3280
PE resource information
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0000f0d8
size:0x000002e8
name:RT_ICON
language:LANG_ENGLISH
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_ENGLISH_US
offset:0x0000f3c4
size:0x00000128
name:RT_GROUP_ICON
language:LANG_ENGLISH
filetype:MS Windows icon resource - 2 icons, 32x32, 16-colors
sublanguage:SUBLANG_ENGLISH_US
offset:0x0000f4f0
size:0x00000022

Translated by Keith Miller, United States