VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load
44ae82e2b71d21d12a3352f7575d09ef    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:44ae82e2b71d21d12a3352f7575d09ef
file type:EXEx86
Submission time:2019-03-15 14:03:40
Threat level:malicious
MD5:44ae82e2b71d21d12a3352f7575d09ef
sha256:f06ae8cf17003ef765214c826f740e3502aeaa5f9b64896c1034d0f135a71da0
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
udp:0
smtp:0
icmp:0
irc:0
hosts:0
Document release report
file name:UT2004 codes.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:276066
MD5:1c9e8973bb5293e7a39afaab4f157cf9
file name:UT2004 + fix.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:274018
MD5:d550dcce6498946666f335e30ba8c8c0
file name:ut2004(cdfix).exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:274018
MD5:56e1631ff30714b949cc7907e6117ca7
file name:flatout_serial.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:274018
MD5:b3a1073dcde0fc708dd080cfed8abc1a
file name:ut2004(nocd).exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:272994
MD5:1347a6421ca836e7a75c9480a90687d9
file name:daoc serial.exe
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
file size:275042
MD5:ce41b254d069cf5b55778e65f25a9152
File process number report
Process details:共分析了1个进程
Document behavior signature report
Low risk behavior0
Suspicious behavior
System Sensitive Operations:Copy itself to other directories
High risk behavior0
Low risk behavior0
Suspicious behavior
System Sensitive Operations:Creates executable files on the filesystem
High risk behavior0
Low risk behavior0
Suspicious behavior
Reverse Engineering:The executable is compressed using UPX
High risk behavior0
Low risk behavior0
Suspicious behavior0
High risk behavior
General behavior:Creates a slightly modified copy of itself
Static information
Section name:UPX0
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x0000d400
Section permissions:RWE
Section name:UPX1
Virtual address:0x00010000
Physical address:0x0000d800
Physical size:0x00005000
Section permissions:RWE
Section name:.rsrc
Virtual address:0x00016000
Physical address:0x00012800
Physical size:0x00000800
Section permissions:RW-
Section name:.imports
Virtual address:0x00017000
Physical address:0x00013000
Physical size:0x00000800
Section permissions:RW-
import_hash:aae0990bf8ae1af65a22e31d4163da6c
time_stamp:1992-06-20 06:22:17
entry_point_section:UPX0
entry_point_section:UPX0
image_base:0x400000
entry_point:0xa764
name:RT_ICON
language:LANG_SPANISH
filetype:data
sublanguage:SUBLANG_SPANISH_MODERN
offset:0x00016154
size:0x000002e8
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:Sendmail frozen configuration
sublanguage:SUBLANG_NEUTRAL
offset:0x00012438
size:0x00000010
name:RT_RCDATA
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x00012448
size:0x000000a8
name:RT_GROUP_ICON
language:LANG_SPANISH
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_SPANISH_MODERN
offset:0x00016440
size:0x00000014

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号