VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load
msgjjl.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:msgjjl.exe
file type:EXEx86
Submission time:2019-01-13 01:00:18
Threat level:malicious
MD5:d299f03677a6800d4913352e6e3702d8
sha256:872ecf9171efcf2eee54859cc5c2f3f534142808508a9905d174fa9cbf6013bf
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
Document release report
file name:ErrorPageTemplate[1]
file type:assembler source, UTF-8 Unicode (with BOM) text, with CRLF line terminators
file size:2168
MD5:f4fe1cb77e758e1ba56b8a8ec20417c5
file name:errorPageStrings[2]
file type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
file size:1817
MD5:1a0563f7fb85a678771450b131ed66fd
file name:httpErrorPagesScripts[1]
file type:UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators
file size:8601
MD5:e7ca76a3c9ee0564471671d500e3f0f3
file name:background_gradient[1]
file type:JPEG image data, JFIF standard 1.02
file size:453
MD5:20f0110ed5e4e0d5384a496e4880139b
file name:down[1]
file type:PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
file size:3414
MD5:555e83ce7f5d280d7454af334571fb25
file name:dnserrordiagoff_weboc[1]
file type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
file size:6766
MD5:3948ef3d9f9fb9fd68bfbbcdbdcfc605
file name:info_48[1]
file type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
file size:6993
MD5:49e0ef03e74704089a60c437085db89e
file name:bullet[1]
file type:PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
file size:3169
MD5:0c4c086dd852704e8eeb8ff83e3b73d1
File process number report
Process details:0
                                              
Document behavior signature report
Low risk behavior
General behavior:Read or write ini files
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Low risk behavior
System Environment Detection:Contains functionality to query the account / user name
Low risk behavior
General behavior:One or more processes crashed
Low risk behavior
System Environment Detection:Reads the active computer name
可疑行为
General behavior:Requested access to a system service
可疑行为
Reverse Engineering:A process attempted to delay the analysis task.
可疑行为
Reverse Engineering:Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
可疑行为
System Sensitive Operations:Disables application error messsages (SetErrorMode)
可疑行为
Information gathering:Contains functionality to retrieve information about pressed keystrokes
可疑行为
Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
可疑行为
可疑行为
System Sensitive Operations:Modifies proxy settings
可疑行为
Anti-detection Technology:Checks adapter addresses which can be used to detect virtual network interfaces
可疑行为
System Sensitive Operations:Checks for the Locally Unique Identifier on the system for a suspicious privilege
可疑行为
Information gathering:Queries sensitive IE security settings
可疑行为
Information gathering:Queries the internet cache settings (often used to hide footprints in index.dat or internet cache)
可疑行为
System Environment Detection:Scans for the windows taskbar (often used for explorer injection)
高危行为
System Sensitive Operations:Disables proxy possibly for traffic interception
高危行为
Anti-detection Technology:Installs an hook procedure to monitor for mouse events
高危行为
Information gathering:Creates a windows hook that monitors keyboard input (keylogger)
高危行为
System Sensitive Operations:Modifies file/console tracing settings (often used to hide footprints on system)
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00001000
Physical size:0x0005b000
Section permissions:RWE
Section name:.rsrc
Virtual address:0x0005c000
Physical address:0x0005c000
Physical size:0x00002000
Section permissions:RWE
Section name:.mackt
Virtual address:0x0005e000
Physical address:0x0005e000
Physical size:0x00001000
Section permissions:RWE
PE basic information
import_hash:0e45366b2aa4a870ffb296d66f013a9b
time_stamp:2011-05-30 20:50:58
entry_point_section:.text
entry_point_section:.text
image_base:0x400000
entry_point:0x2f78
PE resource information
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x0005c0e8
size:0x00000ea8
name:RT_GROUP_ICON
language:LANG_NEUTRAL
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_NEUTRAL
offset:0x0005cf90
size:0x00000014
name:RT_VERSION
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x0005cfa8
size:0x0000027c

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号