VirSCAN

2.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:2.exe
file type:EXE x86
Submission time:2019-03-16 01:02:56
Threat level:malicious
MD5:b60174fea51ff0617de91504989a9fc1
sha256:3b65c38b4ac844d1b5e0f3c622820fd1d3fb375755c2e45d77f02c3cafe9232c
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence determination system
No intelligence determination available
Network behavior report
domains:0
dns:0
http:0
udp:0
smtp:0
icmp:0
irc:0
hosts:0
Dropped file report
No dropped files detected
Process count report
Process details: 4 processes analyzed in total
File behavior signature report
Low risk behavior
- System Environment Detection: Queries for the computername
- General behavior: Command line console output was observed
- General behavior: Creates a writable file in a temporary directory
- System Sensitive Operations: Creates executable files on the filesystem
- General behavior: Contains ability to find and load resources of a specific module
- System Environment Detection: Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
- System Environment Detection: Contains functionality to query system information
- Static File Characteristics: Found potential IP address or url in binary/memory
- System Environment Detection: Contains ability to query machine timezone
- System Environment Detection: Contains functionality to query the account / user name
- General behavior: One or more processes crashed
- System Environment Detection: Reads the active computer name

Suspicious behavior
- Anti-detection Technology: Checks whether any human activity is being performed by constantly checking whether the foreground window changed
- Reverse Engineering: A process attempted to delay the analysis task.
- Reverse Engineering: Checks if process is being debugged by a debugger
- Reverse Engineering: Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
- General behavior: Drops a binary and executes it
- System Sensitive Operations: Checks for the Locally Unique Identifier on the system for a suspicious privilege
- General behavior: Reads terminal service related keys (often RDP related)
- General behavior: Attempts to remove evidence of file being downloaded from the Internet

High risk behavior
- Static File Characteristics: One or more of the buffers contains an embedded PE file
- General behavior: Looks for the Windows Idle Time to determine the uptime
- Anti-detection Technology: A process created a hidden window
Static information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x00006000
Section permissions:R-E
Section name:.rdata
Virtual address:0x00007000
Physical address:0x00006400
Physical size:0x00001400
Section permissions:R--
Section name:.data
Virtual address:0x00009000
Physical address:0x00007800
Physical size:0x00000600
Section permissions:RW-
Section name:.ndata
Virtual address:0x0002f000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.rsrc
Virtual address:0x00037000
Physical address:0x00007e00
Physical size:0x00018800
Section permissions:R--
import_hash:29b61e5a552b3a9bc00953de1c93be41
time_stamp:2015-12-27 13:38:55
entry_point_section:.text
image_base:0x400000
entry_point:0x310d
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x000373d0
size:0x00010828
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00047bf8
size:0x000025a8
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004a1a0
size:0x000010a8
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004b248
size:0x00000ea8
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004c0f0
size:0x00000988
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004ca78
size:0x000008a8
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004d320
size:0x000006c8
name:RT_ICON
language:LANG_ENGLISH
filetype:dBase IV DBT of `.DBF, blocks size 48, block length 1536, next free block index 40, 1st item \"\377\377\377\377\377\207\210\210\210\210\217\025\230\210wxDO\377\377\377\377\377\377\377\377\377\377\377x\210\210\210\217\377\361\231\210wwx\377\377\377\377\377\377\377\377\377\377\377\370x\210\210\217\377\367s38\207\"
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004d9e8
size:0x00000668
name:RT_ICON
language:LANG_ENGLISH
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004e050
size:0x00000568
name:RT_ICON
language:LANG_ENGLISH
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004e5b8
size:0x00000468
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004ea20
size:0x000002e8
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004ed08
size:0x000001e8
name:RT_ICON
language:LANG_ENGLISH
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004eef0
size:0x00000128
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004f018
size:0x00000100
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004f118
size:0x0000011c
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004f238
size:0x00000060
name:RT_GROUP_ICON
language:LANG_ENGLISH
filetype:MS Windows icon resource - 13 icons, 16x16, 16-colors
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004f298
size:0x000000bc
name:RT_MANIFEST
language:LANG_ENGLISH
filetype:XML document text
sublanguage:SUBLANG_ENGLISH_US
offset:0x0004f358
size:0x000002d7