VirSCAN

3bc5671c6a10f75c10fc0c2c6e1e6507    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:3bc5671c6a10f75c10fc0c2c6e1e6507
file type:EXEx86
Submission time:2019-02-12 01:04:11
Threat level:malicious
MD5:3bc5671c6a10f75c10fc0c2c6e1e6507
sha256:1c4cf4b938911ba9f1dbfac9c186b61f6f1afdd3b1094605b610ad1b47dd3f50
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
Document release report
file name:1c4cf4b938911ba9f1dbfac9c186b61f6f1afdd3b1094605b610ad1b47dd3f50.rpt
file type:data
file size:2356
MD5:b66a3fe053e1b5415b0c376a77e377c6
file name:1c4cf4b938911ba9f1dbfac9c186b61f6f1afdd3b1094605b610ad1b47dd3f50.dmp
file type:MDMP crash report data
file size:47189
MD5:204bdcf88cd3dbecc10b00924a1af0a6
File process number report
Process details:0
                      
Document behavior signature report
Low risk behavior
General behavior:Creates a writable file in a temporary directory
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Low risk behavior
System Environment Detection:Contains ability to query machine timezone
Low risk behavior
General behavior:One or more processes crashed
Low risk behavior
System Environment Detection:Reads the active computer name
Suspicious behavior
Reverse Engineering:Checks if process is being debugged by a debugger
Suspicious behavior
General behavior:Potential time zone aware malware
Suspicious behavior
Static File Characteristics:PE file contains more sections than normal
Suspicious behavior
Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
Suspicious behavior
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00001000
Physical size:0x00053000
Section permissions:R-E
Section name:.rdata
Virtual address:0x00054000
Physical address:0x00054000
Physical size:0x0000e800
Section permissions:R--
Section name:.data
Virtual address:0x00063000
Physical address:0x00062800
Physical size:0x00002800
Section permissions:RW-
Section name:.rsrc
Virtual address:0x00069000
Physical address:0x00065000
Physical size:0x00006c00
Section permissions:R--
Section name:.reloc
Virtual address:0x00070000
Physical address:0x0006bc00
Physical size:0x00005c00
Section permissions:R--
Section name:.bak
Virtual address:0x00076000
Physical address:0x00071800
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x00078000
Physical address:0x00073200
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x0007a000
Physical address:0x00074c00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x0007c000
Physical address:0x00076600
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x0007e000
Physical address:0x00078000
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x00080000
Physical address:0x00079a00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x00082000
Physical address:0x0007b400
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x00084000
Physical address:0x0007ce00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x00086000
Physical address:0x0007e800
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x00088000
Physical address:0x00080200
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x0008a000
Physical address:0x00081c00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x0008c000
Physical address:0x00083600
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x0008e000
Physical address:0x00085000
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x00090000
Physical address:0x00086a00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x00092000
Physical address:0x00088400
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x00094000
Physical address:0x00089e00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x00096000
Physical address:0x0008b800
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x00098000
Physical address:0x0008d200
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x0009a000
Physical address:0x0008ec00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x0009c000
Physical address:0x00090600
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x0009e000
Physical address:0x00092000
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000a0000
Physical address:0x00093a00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000a2000
Physical address:0x00095400
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000a4000
Physical address:0x00096e00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000a6000
Physical address:0x00098800
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000a8000
Physical address:0x0009a200
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000aa000
Physical address:0x0009bc00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000ac000
Physical address:0x0009d600
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000ae000
Physical address:0x0009f000
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000b0000
Physical address:0x000a0a00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000b2000
Physical address:0x000a2400
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000b4000
Physical address:0x000a3e00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000b6000
Physical address:0x000a5800
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000b8000
Physical address:0x000a7200
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000ba000
Physical address:0x000a8c00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000bc000
Physical address:0x000aa600
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000be000
Physical address:0x000ac000
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000c0000
Physical address:0x000ada00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000c2000
Physical address:0x000af400
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000c4000
Physical address:0x000b0e00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000c6000
Physical address:0x000b2800
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000c8000
Physical address:0x000b4200
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000ca000
Physical address:0x000b5c00
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000cc000
Physical address:0x000b7600
Physical size:0x00001a00
Section permissions:RWE
Section name:.bak
Virtual address:0x000ce000
Physical address:0x000b9000
Physical size:0x00001a00
Section permissions:RWE
PE basic information
import_hash:2392e9477695f9fb19bda71e034072c5
time_stamp:2014-06-11 21:06:56
entry_point_section:.text
image_base:0x400000
entry_point:0x3c173
PE resource information
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x000692b0
size:0x00000668
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00069918
size:0x000002e8
name:RT_ICON
language:LANG_CHINESE
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00069c00
size:0x00000128
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00069d28
size:0x00000ea8
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x0006abd0
size:0x000008a8
name:RT_ICON
language:LANG_CHINESE
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x0006b478
size:0x00000568
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x0006b9e0
size:0x000025a8
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x0006df88
size:0x000010a8
name:RT_ICON
language:LANG_CHINESE
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x0006f030
size:0x00000468
name:RT_GROUP_ICON
language:LANG_CHINESE
filetype:MS Windows icon resource - 9 icons, 48x48, 16-colors
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x0006f498
size:0x00000084
name:RT_VERSION
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x0006f51c
size:0x000002f8
name:RT_MANIFEST
language:LANG_ENGLISH
filetype:ASCII text, with CRLF line terminators
sublanguage:SUBLANG_ENGLISH_US
offset:0x0006f814
size:0x0000026e
