VirSCAN

6af1219e020c7c97a695a295540ee39b    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:6af1219e020c7c97a695a295540ee39b
file type:EXEx86
Submission time:2019-02-13 01:04:24
Threat level:malicious
MD5:6af1219e020c7c97a695a295540ee39b
sha256:1daa0e2e2a0428c2b405b19b35cd54cdf92e5e412f2c7f7c2e1cc7bb4f959a64
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
hosts:1
Document release report
File release report not detected
File process number report
Process details:0
Document behavior signature report
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Low risk behavior
General behavior:One or more processes crashed
Low risk behavior
System Environment Detection:Reads the active computer name
Suspicious behavior
Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
Suspicious behavior
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
High risk behavior
Anti-detection Technology:Tries to unhook Windows functions monitored by Cuckoo
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00001000
Physical size:0x000c7000
Section permissions:R-E
Section name:.rdata
Virtual address:0x000c8000
Physical address:0x000c8000
Physical size:0x00002000
Section permissions:R--
Section name:.data
Virtual address:0x000ca000
Physical address:0x000ca000
Physical size:0x00003000
Section permissions:RW-
Section name:.rsrc
Virtual address:0x0012f000
Physical address:0x000cd000
Physical size:0x000e7000
Section permissions:R--
PE basic information
import_hash:dec3228c888dbe03ea5b9402694255e6
time_stamp:2018-08-18 05:20:35
entry_point_section:.text
image_base:0x400000
entry_point:0xc2ab6
PE resource information
name:RT4060014
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0012f628
size:0x000030d6
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x00132700
size:0x00006804
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x00138f04
size:0x00005c28
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x0013eb2c
size:0x00008fe8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x00147b14
size:0x0000cf28
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x00154a3c
size:0x00017028
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x0016ba64
size:0x00023f28
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x0018f98c
size:0x00009ea4
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x00199830
size:0x0000e0c4
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x001a78f4
size:0x00019f98
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x001c188c
size:0x00027a18
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x001e92a4
size:0x00002028
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x001eb2cc
size:0x00003228
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x001ee4f4
size:0x00004828
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x001f2d1c
size:0x00008028
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x001fad44
size:0x0000c828
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x0020756c
size:0x00000ab8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x00208024
size:0x00001028
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x0020904c
size:0x000016b8
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x0020a704
size:0x00002a68
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_UK
offset:0x0020d16c
size:0x00004028
name:RT_BITMAP
language:LANG_ENGLISH
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_ENGLISH_UK
offset:0x00211194
size:0x00002028
name:RT_BITMAP
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_CAN
offset:0x002131bc
size:0x00001028
name:RT_ICON
language:LANG_ENGLISH
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_ENGLISH_US
offset:0x002141e4
size:0x00000128
name:RT_ICON
language:LANG_ENGLISH
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_ENGLISH_US
offset:0x0021430c
size:0x00000568
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00214874
size:0x000002e8
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00214b5c
size:0x000008a8
name:RT_GROUP_ICON
language:LANG_ENGLISH
filetype:MS Windows icon resource - 4 icons, 16x16, 8-colors
sublanguage:SUBLANG_ENGLISH_US
offset:0x00215404
size:0x0000003e
name:RT_VERSION
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00215444
size:0x000002a8
