VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load
52d49067045f128361fd1ed268a710ae    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:52d49067045f128361fd1ed268a710ae
file type:EXEx86
Submission time:2019-03-16 01:01:13
Threat level:malicious
MD5:52d49067045f128361fd1ed268a710ae
sha256:ee5a83cb9913e874403a01aed015b164c157f7911dda90506712b81564cfe72f
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
udp:0
smtp:0
icmp:0
irc:0
hosts:0
Document release report
file name:B2E4.tmp
file type:empty
file size:0
MD5:d41d8cd98f00b204e9800998ecf8427e
file name:hngfruf.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:175944
MD5:0fb55eaa080fa10e55f500501a7d14af
file name:ltuidgl.dll
file type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
file size:25600
MD5:19718a356335dbafcdbcba85c824d544
File process number report
Process details:共分析了2个进程
Document behavior signature report
Low risk behavior
System Environment Detection:Queries for the computername
Suspicious behavior0
High risk behavior0
Low risk behavior
System Sensitive Operations:Creates executable files on the filesystem
Suspicious behavior0
High risk behavior0
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Suspicious behavior0
High risk behavior0
Low risk behavior
System Environment Detection:Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
Suspicious behavior0
High risk behavior0
Low risk behavior
System Environment Detection:Contains functionality to query system information
Suspicious behavior0
High risk behavior0
Low risk behavior0
Suspicious behavior
Reverse Engineering:Checks if process is being debugged by a debugger
High risk behavior0
Low risk behavior0
Suspicious behavior
Static File Characteristics:PE file does not import any functions
High risk behavior0
Low risk behavior0
Suspicious behavior0
High risk behavior
Persistence:Installs itself for autorun at Windows startup
Low risk behavior0
Suspicious behavior0
High risk behavior
Persistence:Installs itself in AppInit to inject into new processes
Low risk behavior0
Suspicious behavior0
High risk behavior
General behavior:Creates a slightly modified copy of itself
Static information
PE section table information0
import_hash:
time_stamp:
entry_point_section:
entry_point_section:
image_base:
entry_point:
PE resource information0

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号