mkvtoolnix--setup.exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:mkvtoolnix--setup.exe
file type:EXEx86
Submission time:2019-01-11 23:31:52
Threat level:clean
MD5:78cce331d7e118dea6ed6fcf6ae49073
sha256:f2d6354e4b2fedd14ba50391bd6e968fce318f3feaa59a673d500db45c54e92c
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
hosts:1
Document release report
file name:modern-header.bmp
file type:PC bitmap, OS/2 1.x format, 150 x 57
file size:25790
MD5:b225b925266419b77312b607217cfc90
file name:startmenu.dll
file type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
file size:9728
MD5:23486dec737e5f34e498e025b483e981
file name:langdll.dll
file type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
file size:7168
MD5:7797271000a5d685503ade24b5a82f8a
file name:system.dll
file type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
file size:24064
MD5:a2f57977c31d2a8a4b69d0a19e49ed7c
file name:modern-wizard.bmp
file type:PC bitmap, OS/2 1.x format, 164 x 314
file size:154514
MD5:d8f0fa03d12b64749aa0c968aadabc5c
file name:nsdialogs.dll
file type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
file size:11264
MD5:0d65fa380fdf82ea3f9da4cad01cf04a
File process number report
Process details:0
                  
Document behavior signature report
Low risk behavior
General behavior:Creates a writable file in a temporary directory
Low risk behavior
General behavior:Contains ability to find and load resources of a specific module
Low risk behavior
Static File Characteristics:Found potential IP address or url in binary/memory
Low risk behavior
System Environment Detection:Reads the active computer name
Suspicious behavior
Anti-detection Technology:Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
Suspicious behavior
System Sensitive Operations:Creates executable files on the filesystem
Suspicious behavior
Information gathering:Contains functionality to retrieve information about pressed keystrokes
Suspicious behavior
Anti-detection Technology:Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
Suspicious behavior
Reverse Engineering:The binary likely contains encrypted or compressed data indicative of a packer
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000400
Physical size:0x00008a00
Section permissions:R-E
Section name:.data
Virtual address:0x0000a000
Physical address:0x00008e00
Physical size:0x00000200
Section permissions:RW-
Section name:.rdata
Virtual address:0x0000b000
Physical address:0x00009000
Physical size:0x00006a00
Section permissions:R--
Section name:.bss
Virtual address:0x00012000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.idata
Virtual address:0x00050000
Physical address:0x0000fa00
Physical size:0x00001400
Section permissions:RW-
Section name:.ndata
Virtual address:0x00052000
Physical address:0x00010e00
Physical size:0x00002000
Section permissions:RW-
Section name:.rsrc
Virtual address:0x000f6000
Physical address:0x00012e00
Physical size:0x0002f400
Section permissions:RW-
PE basic information
import_hash:28a099a911237a28521d8b7ea250f089
time_stamp:2015-12-12 02:37:55
entry_point_section:.text
image_base:0x400000
entry_point:0x432f
PE resource information
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x000f6658
size:0x00010828
name:RT_ICON
language:LANG_ENGLISH
filetype:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
sublanguage:SUBLANG_ENGLISH_US
offset:0x00106e80
size:0x0000a88f
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00111710
size:0x000094a8
name:RT_ICON
language:LANG_ENGLISH
filetype:FoxPro FPT, blocks size 0, next free block index 671088640
sublanguage:SUBLANG_ENGLISH_US
offset:0x0011abb8
size:0x00004228
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x0011ede0
size:0x000025a8
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00121388
size:0x000010a8
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00122430
size:0x00000988
name:RT_ICON
language:LANG_ENGLISH
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_ENGLISH_US
offset:0x00122db8
size:0x00000468
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00123220
size:0x00000144
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00123368
size:0x00000246
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001235b0
size:0x00000104
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001236b8
size:0x000000ee
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001237a8
size:0x0000013c
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001238e8
size:0x0000023e
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00123b28
size:0x000000fc
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00123c28
size:0x000000e6
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00123d10
size:0x00000130
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00123e40
size:0x00000232
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00124078
size:0x000000f0
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00124168
size:0x000000da
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00124248
size:0x00000130
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00124378
size:0x00000232
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001245b0
size:0x000000f0
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001246a0
size:0x000000da
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00124780
size:0x00000134
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x001248b8
size:0x00000236
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00124af0
size:0x000000f4
name:RT_DIALOG
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00124be8
size:0x000000de
name:RT_GROUP_ICON
language:LANG_ENGLISH
filetype:MS Windows icon resource - 8 icons, 256-colors
sublanguage:SUBLANG_ENGLISH_US
offset:0x00124cc8
size:0x00000076
name:RT_VERSION
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x00124d40
size:0x00000394
name:RT_MANIFEST
language:LANG_ENGLISH
filetype:XML document text
sublanguage:SUBLANG_ENGLISH_US
offset:0x001250d8
size:0x00000220
