VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

00风车    Threatbook file behavior analysis report

Basic Information

file name: 00风车
file type: EXEx86
Threat level: malicious
MD5: 2a19ce32baa961a68fce3542a44b89ef
sha256: 04576554479c8ab11d107feef78bd96d0a63cde93d44f7485f108803a6155333

Document Threat Intelligence IOC Report

No intelligence IOC detected

Intelligence decision system

Undetected intelligence determination system

Network behavior report

domains: 0

Document release report

File release report not detected

File process number report

nofind

Document behavior signature report

No file behavior report detected

Static information

Section name: AUTO
Virtual address: 0x00001000
Physical address: 0x00000400
Physical size: 0x00001e00
Section permissions: R-E
Section name: DGROUP
Virtual address: 0x00003000
Physical address: 0x00002200
Physical size: 0x00021400
Section permissions: RW-
Section name: .idata
Virtual address: 0x00025000
Physical address: 0x00023600
Physical size: 0x00000600
Section permissions: RW-
Section name: .reloc
Virtual address: 0x00026000
Physical address: 0x00023c00
Physical size: 0x00000400
Section permissions: R--
Section name: .rsrc
Virtual address: 0x00027000
Physical address: 0x00024000
Physical size: 0x00000c00
Section permissions: R--
import_hash: 84d0c1227b1d7804ea91bf0d1e8ae11c
time_stamp: 2011-01-21 16:43:58
entry_point_section: AUTO
image_base: 0x400000
entry_point: 0x1548
name: RT_DIALOG
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000250b8
size: 0x00000360
name: RT_DIALOG
language: LANG_NEUTRAL
filetype: ASCII text, with no line terminators
sublanguage: SUBLANG_NEUTRAL
offset: 0x00025418
size: 0x0000031c