VirSCAN

火萤酱.exe Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:火萤酱.exe
file type:EXE x86
Submission time:2019-01-11 23:46:36
Threat level:clean
MD5:c5bec04010876452f0f39a334bbf9cc8
sha256:1a17c3cd1e36728074dd9febde0f6c930c5d1a10ade6b956fe8700002f78fff4
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
hosts:2
Document release report
File release report not detected
File process number report
Process details:0
Document behavior signature report
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
System Environment Detection:Contains functionality to query system information
Low risk behavior
General behavior:This executable has a PDB path
Suspicious behavior
Anti-detection Technology:Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
Suspicious behavior
Reverse Engineering:Checks if process is being debugged by a debugger
Suspicious behavior
Information gathering:Contains functionality to retrieve information about pressed keystrokes
Suspicious behavior
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x000b4c00
Section permissions:R-E
Section name:.rdata
Virtual address:0x000b6000
Physical address:0x000b5000
Physical size:0x00026e00
Section permissions:R--
Section name:.data
Virtual address:0x000dd000
Physical address:0x000dbe00
Physical size:0x00003a00
Section permissions:RW-
Section name:.gfids
Virtual address:0x000e9000
Physical address:0x000df800
Physical size:0x00000400
Section permissions:R--
Section name:.tls
Virtual address:0x000ea000
Physical address:0x000dfc00
Physical size:0x00000200
Section permissions:RW-
Section name:.rsrc
Virtual address:0x000eb000
Physical address:0x000dfe00
Physical size:0x003ab600
Section permissions:R--
Section name:.reloc
Virtual address:0x00497000
Physical address:0x0048b400
Physical size:0x0000a000
Section permissions:R--
PE basic information
import_hash:fd487bdd579956684b7a2053ac90e69a
time_stamp:2018-06-06 14:06:20
entry_point_section:.text
image_base:0x400000
entry_point:0x1e20f
PE resource information
name:ZIPINSTALL
language:LANG_CHINESE
filetype:7-zip archive data, version 0.3
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x0012b830
size:0x0034bfac
name:ZIPRES
language:LANG_CHINESE
filetype:Zip archive data, at least v1.0 to extract
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x000eb750
size:0x000400da
name:RT_ICON
language:LANG_CHINESE
filetype:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x0048ef58
size:0x00007076
name:RT_GROUP_ICON
language:LANG_CHINESE
filetype:MS Windows icon resource - 15 icons, 16x16, 16-colors
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x00495fd0
size:0x000000d8
name:RT_VERSION
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x000eb490
size:0x000002c0
name:RT_MANIFEST
language:LANG_ENGLISH
filetype:XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
sublanguage:SUBLANG_ENGLISH_US
offset:0x004960a8
size:0x0000035d

Translated by Keith Miller, United States