VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.

242341c6b02eea1532854aabd0187b7c    Threatbook file behavior analysis report

Basic Information

file name: 242341c6b02eea1532854aabd0187b7c
file type: EXEx86
Threat level: malicious
MD5: 242341c6b02eea1532854aabd0187b7c
sha256: b958bd6ab505e82d00a617fbf94fe3240f892bbaf40a8ffa029a8ed858d3687f

Document Threat Intelligence IOC Report

No intelligence IOC detected

Intelligence decision system

Undetected intelligence determination system

Network behavior report

domains
ip: 3.215.23.197
domain: ns2.cloud-name.ru
ip:
domain: ransomware.bit
ip: 3.215.23.197
domain: ns1.cloud-name.ru
ip:
domain: zonealarm.bit
ip: 66.171.248.178
domain: ipv4bot.whatismyipaddress.com
dns
type: A
request: ipv4bot.whatismyipaddress.com
type: A
request: ns2.cloud-name.ru
type: AAAA
request: zonealarm.bit
type: AAAA
request: ransomware.bit
type: A
request: zonealarm.bit
type: A
request: ns1.cloud-name.ru
type: A
request: ransomware.bit
http
count: 2
url:
udp: 0
smtp: 0
icmp: 0
irc: 0
hosts: 0

Document release report

File release report not detected

File process number report

nofind

Document behavior signature report

No file behavior report detected

Static information

Section name: .text
Virtual address: 0x00001000
Physical address: 0x00000400
Physical size: 0x0001b600
Section permissions: R-E
Section name: .rdata
Virtual address: 0x0001d000
Physical address: 0x0001ba00
Physical size: 0x00003400
Section permissions: R--
Section name: .data
Virtual address: 0x00021000
Physical address: 0x0001ee00
Physical size: 0x00001a00
Section permissions: RW-
Section name: .rsrc
Virtual address: 0x00087000
Physical address: 0x00020800
Physical size: 0x0002d800
Section permissions: R--
Section name: .reloc
Virtual address: 0x000b5000
Physical address: 0x0004e000
Physical size: 0x00001600
Section permissions: R--
import_hash: 0e19094c3312dddc95e9be66004589b3
time_stamp: 2018-04-06 04:33:26
entry_point_section: .text
image_base: 0x400000
entry_point: 0x1ce3
name: WISYBF
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000874e8
size: 0x000181b0
name: RT_BITMAP
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x0009f698
size: 0x000058d8
name: RT_ICON
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000a4f70
size: 0x00000ea8
name: RT_ICON
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000a5e18
size: 0x000008a8
name: RT_ICON
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000a66c0
size: 0x000006c8
name: RT_ICON
language: LANG_NEUTRAL
filetype: GLS_BINARY_LSB_FIRST
sublanguage: SUBLANG_NEUTRAL
offset: 0x000a6d88
size: 0x00000568
name: RT_ICON
language: LANG_NEUTRAL
filetype: dBase III DBT, version number 0, next free block index 40
sublanguage: SUBLANG_NEUTRAL
offset: 0x000a72f0
size: 0x00001ca8
name: RT_ICON
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000a8f98
size: 0x00000748
name: RT_ICON
language: LANG_NEUTRAL
filetype: dBase III DBT, version number 0, next free block index 40
sublanguage: SUBLANG_NEUTRAL
offset: 0x000a96e0
size: 0x000025a8
name: RT_ICON
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000abc88
size: 0x000010a8
name: RT_ICON
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000acd30
size: 0x00000988
name: RT_ICON
language: LANG_NEUTRAL
filetype: GLS_BINARY_LSB_FIRST
sublanguage: SUBLANG_NEUTRAL
offset: 0x000ad6b8
size: 0x00000468
name: RT_ICON
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000adb20
size: 0x00000ea8
name: RT_ICON
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000ae9c8
size: 0x000008a8
name: RT_ICON
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000af270
size: 0x000006c8
name: RT_ICON
language: LANG_NEUTRAL
filetype: GLS_BINARY_LSB_FIRST
sublanguage: SUBLANG_NEUTRAL
offset: 0x000af938
size: 0x00000568
name: RT_ICON
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000afea0
size: 0x000025a8
name: RT_ICON
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000b2448
size: 0x000010a8
name: RT_ICON
language: LANG_NEUTRAL
filetype: dBase III DBT, version number 0, next free block index 40
sublanguage: SUBLANG_NEUTRAL
offset: 0x000b34f0
size: 0x00000988
name: RT_ICON
language: LANG_NEUTRAL
filetype: GLS_BINARY_LSB_FIRST
sublanguage: SUBLANG_NEUTRAL
offset: 0x000b3e78
size: 0x00000468
name: RT_STRING
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000b42e0
size: 0x0000029a
name: RT_GROUP_ICON
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000b457c
size: 0x00000092
name: RT_GROUP_ICON
language: LANG_NEUTRAL
filetype: data
sublanguage: SUBLANG_NEUTRAL
offset: 0x000b4610
size: 0x00000076