VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load
3bec4ff2cd015a42820c5ead0b508228    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:3bec4ff2cd015a42820c5ead0b508228
file type:EXEx86
Submission time:2019-02-12 01:04:53
Threat level:malicious
MD5:3bec4ff2cd015a42820c5ead0b508228
sha256:a23745bc379f12b3d3e18caac185b3212c095dc6165b9b69bd428ebebcd64890
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
Document release report
file name:old_a23745bc379f12b3d3e18caac185b3212c095dc6165b9b69bd428ebebcd64890.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
file size:237416
MD5:3bec4ff2cd015a42820c5ead0b508228
file name:a23745bc379f12b3d3e18caac185b3212c095dc6165b9b69bd428ebebcd64890.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
file size:237416
MD5:0a9efe7db45a1e62fff5e783003a73d3
File process number report
Process details:0
                        
Document behavior signature report
Low risk behavior
General behavior:Creates a writable file in a temporary directory
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Low risk behavior
General behavior:One or more processes crashed
可疑行为
System Sensitive Operations:Copy itself to other directories
可疑行为
System Sensitive Operations:Creates executable files on the filesystem
可疑行为
General behavior:Drops a binary and executes it
可疑行为
Information gathering:Contains functionality to retrieve information about pressed keystrokes
可疑行为
General behavior:Moves the original executable to a new location
可疑行为
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
可疑行为
General behavior:Reads terminal service related keys (often RDP related)
高危行为
General behavior:Creates a slightly modified copy of itself
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x00013e00
Section permissions:RWE
Section name:.data
Virtual address:0x00015000
Physical address:0x00014200
Physical size:0x00001200
Section permissions:RW-
Section name:.rdata
Virtual address:0x00017000
Physical address:0x00015400
Physical size:0x00013a00
Section permissions:RW-
Section name:.bss
Virtual address:0x0002b000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.CRT
Virtual address:0x0002e000
Physical address:0x00028e00
Physical size:0x00000200
Section permissions:RW-
Section name:.idata
Virtual address:0x0002f000
Physical address:0x00029000
Physical size:0x00000a00
Section permissions:RW-
Section name:.rsrc
Virtual address:0x00030000
Physical address:0x00029a00
Physical size:0x00001200
Section permissions:R--
PE basic information
import_hash:ef3fd1c1a81435e51fcc42212e25d2ec
time_stamp:1970-01-01 08:00:00
entry_point_section:.text
entry_point_section:.text
image_base:0x400000
entry_point:0x14ac0
PE resource information
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00030190
size:0x00000668
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x000307f8
size:0x000002e8
name:RT_ICON
language:LANG_NEUTRAL
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_NEUTRAL
offset:0x00030ae0
size:0x00000128
name:RT_GROUP_ICON
language:LANG_NEUTRAL
filetype:MS Windows icon resource - 3 icons, 48x48, 16-colors
sublanguage:SUBLANG_NEUTRAL
offset:0x00030c08
size:0x00000030
name:RT_VERSION
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00030c38
size:0x000002e4
name:RT_MANIFEST
language:LANG_NEUTRAL
filetype:XML document text
sublanguage:SUBLANG_NEUTRAL
offset:0x00030f1c
size:0x00000219

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号