VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

52ebd1e19d1a3d3df7b94507ad7f2ea0    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:52ebd1e19d1a3d3df7b94507ad7f2ea0
file type:EXEx86
Submission time:2018-12-15 17:03:21
Threat level:malicious
MD5:52ebd1e19d1a3d3df7b94507ad7f2ea0
sha256:17362bab010bb4bde5e00197fa3afa1b38fdf6e72599ee92a280b81be8706eee
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Undetected intelligence determination system
Network behavior report
domains:0
dns:0
http:0
udp:0
smtp:0
icmp:0
irc:0
hosts:0
Document release report
file name:shervans.dll
file type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
file size:8192
MD5:b7b9acdca5341ae2351a2154abf76581
file name:ctfmen.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:2560
MD5:e8176c4ebf8e006fbd921182f35b95fb
file name:grcopy.dll
file type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
file size:99360
MD5:c4c70b656e0437499392eca0d559e2de
file name:satornas.dll
file type:Microsoft Windows Autorun file.
file size:183
MD5:b44c5b8487a8aca4c640d4ffe7dd2b47
File process number report
Process details:A total of 2 processes were analyzed
Document behavior signature report
Low risk behavior:0
Suspicious behavior
Network correlation:Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
System Sensitive Operations:Copy itself to other directories
System Sensitive Operations:Creates executable files on the filesystem
System Sensitive Operations:Creates hidden or system file
Static File Characteristics:May infect USB drives
High risk behavior
Persistence:Installs itself for autorun at Windows startup
Reverse Engineering:Checks if process is being debugged by a debugger
System Sensitive Operations:Set file attributes to hidden
System Sensitive Operations:Stops Windows services
Static information
Section name:6b62sizb
Virtual address:0x00001000
Physical address:0x00000200
Physical size:0x0000f000
Section permissions:RWE
Section name:6103xgha
Virtual address:0x00010000
Physical address:0x0000f200
Physical size:0x00008600
Section permissions:RW-
Section name:2x9zyudp
Virtual address:0x00019000
Physical address:0x00017800
Physical size:0x00000c00
Section permissions:RW-
import_hash:b2bf8d6b065ed7c8836ec38608870fc9
time_stamp:2010-01-30 19:40:11
entry_point_section:6b62sizb
image_base:0x400000
entry_point:0x12a0
name:RT_ICON
language:LANG_ENGLISH
filetype:data
sublanguage:SUBLANG_ENGLISH_US
offset:0x000190d4
size:0x000002e8
name:RT_ICON
language:LANG_ENGLISH
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_ENGLISH_US
offset:0x000193c0
size:0x00000128
name:RT_GROUP_ICON
language:LANG_ENGLISH
filetype:MS Windows icon resource - 2 icons, 32x32, 16-colors
sublanguage:SUBLANG_ENGLISH_US
offset:0x000194ec
size:0x00000022

Translated by Keith Miller, United States