1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
Language
Server load
1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
| Virscan.org multi-engine scan report |
| Basic Information | |
|---|---|
| file name: | 3bec4ff2cd015a42820c5ead0b508228 |
| file type: | EXEx86 |
| Submission time: | 2019-02-12 01:04:53 |
| Threat level: | malicious |
| MD5: | 3bec4ff2cd015a42820c5ead0b508228 |
| sha256: | a23745bc379f12b3d3e18caac185b3212c095dc6165b9b69bd428ebebcd64890 |
| Document Threat Intelligence IOC Report | |
|---|---|
| No intelligence IOC detected | |
| Intelligence decision system | |
|---|---|
| Undetected intelligence determination system | |
| Network behavior report | |
|---|---|
| domains: | 0 |
| dns: | 0 |
| http: | 0 |
| Document release report | |
|---|---|
| file name: | old_a23745bc379f12b3d3e18caac185b3212c095dc6165b9b69bd428ebebcd64890.exe |
| file type: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| file size: | 237416 |
| MD5: | 3bec4ff2cd015a42820c5ead0b508228 |
| file name: | a23745bc379f12b3d3e18caac185b3212c095dc6165b9b69bd428ebebcd64890.exe |
| file type: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| file size: | 237416 |
| MD5: | 0a9efe7db45a1e62fff5e783003a73d3 |
| File process number report | |
|---|---|
| Process details: | 0 |
| Document behavior signature report | |
|---|---|
| Low risk behavior | |
| General behavior: | Creates a writable file in a temporary directory |
| Low risk behavior | |
| General behavior: | Contains ability to find and load resources of a specific module |
| Low risk behavior | |
| Static File Characteristics: | Found potential IP address or url in binary/memory |
| Low risk behavior | |
| General behavior: | One or more processes crashed |
| 可疑行为 | |
| System Sensitive Operations: | Copy itself to other directories |
| 可疑行为 | |
| System Sensitive Operations: | Creates executable files on the filesystem |
| 可疑行为 | |
| General behavior: | Drops a binary and executes it |
| 可疑行为 | |
| Information gathering: | Contains functionality to retrieve information about pressed keystrokes |
| 可疑行为 | |
| General behavior: | Moves the original executable to a new location |
| 可疑行为 | |
| Reverse Engineering: | The binary likely contains encrypted or compressed data indicative of a packer |
| 可疑行为 | |
| General behavior: | Reads terminal service related keys (often RDP related) |
| 高危行为 | |
| General behavior: | Creates a slightly modified copy of itself |
| Static information | |
|---|---|
| PE section table information | |
| Section name: | .text |
| Virtual address: | 0x00001000 |
| Physical address: | 0x00000400 |
| Physical size: | 0x00013e00 |
| Section permissions: | RWE |
| Section name: | .data |
| Virtual address: | 0x00015000 |
| Physical address: | 0x00014200 |
| Physical size: | 0x00001200 |
| Section permissions: | RW- |
| Section name: | .rdata |
| Virtual address: | 0x00017000 |
| Physical address: | 0x00015400 |
| Physical size: | 0x00013a00 |
| Section permissions: | RW- |
| Section name: | .bss |
| Virtual address: | 0x0002b000 |
| Physical address: | 0x00000000 |
| Physical size: | 0x00000000 |
| Section permissions: | RW- |
| Section name: | .CRT |
| Virtual address: | 0x0002e000 |
| Physical address: | 0x00028e00 |
| Physical size: | 0x00000200 |
| Section permissions: | RW- |
| Section name: | .idata |
| Virtual address: | 0x0002f000 |
| Physical address: | 0x00029000 |
| Physical size: | 0x00000a00 |
| Section permissions: | RW- |
| Section name: | .rsrc |
| Virtual address: | 0x00030000 |
| Physical address: | 0x00029a00 |
| Physical size: | 0x00001200 |
| Section permissions: | R-- |
| PE basic information | |
| import_hash: | ef3fd1c1a81435e51fcc42212e25d2ec |
| time_stamp: | 1970-01-01 08:00:00 |
| entry_point_section: | .text |
| entry_point_section: | .text |
| image_base: | 0x400000 |
| entry_point: | 0x14ac0 |
| PE resource information | |
| name: | RT_ICON |
| language: | LANG_NEUTRAL |
| filetype: | data |
| sublanguage: | SUBLANG_NEUTRAL |
| offset: | 0x00030190 |
| size: | 0x00000668 |
| name: | RT_ICON |
| language: | LANG_NEUTRAL |
| filetype: | data |
| sublanguage: | SUBLANG_NEUTRAL |
| offset: | 0x000307f8 |
| size: | 0x000002e8 |
| name: | RT_ICON |
| language: | LANG_NEUTRAL |
| filetype: | GLS_BINARY_LSB_FIRST |
| sublanguage: | SUBLANG_NEUTRAL |
| offset: | 0x00030ae0 |
| size: | 0x00000128 |
| name: | RT_GROUP_ICON |
| language: | LANG_NEUTRAL |
| filetype: | MS Windows icon resource - 3 icons, 48x48, 16-colors |
| sublanguage: | SUBLANG_NEUTRAL |
| offset: | 0x00030c08 |
| size: | 0x00000030 |
| name: | RT_VERSION |
| language: | LANG_NEUTRAL |
| filetype: | data |
| sublanguage: | SUBLANG_NEUTRAL |
| offset: | 0x00030c38 |
| size: | 0x000002e4 |
| name: | RT_MANIFEST |
| language: | LANG_NEUTRAL |
| filetype: | XML document text |
| sublanguage: | SUBLANG_NEUTRAL |
| offset: | 0x00030f1c |
| size: | 0x00000219 |
HOME
