VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

00蹉跎    Threatbook file behavior analysis report

Basic Information

file name: 00蹉跎
file type: EXEx86
Threat level: malicious
MD5: 81a8e44e0457a2abcdac5d50456c96f1
sha256: 0a255d8590f808ef6a3f237b3fc70d743b68536d38da5667eed68a6cff60723e

Document Threat Intelligence IOC Report

No intelligence IOC detected

Intelligence decision system

Undetected intelligence determination system

Network behavior report

domains: 0

Document release report

File release report not detected

File process number report

Process details: 共分析了0个进程

Document behavior signature report

Low risk behavior 0
Low risk behavior
Static File Characteristics: {"en": "PE file does not import any functions", "cn": "此可执行文件没有导入任何函数"}
High risk behavior 0
Low risk behavior 0
Low risk behavior
Reverse Engineering: {"en": "The binary likely contains encrypted or compressed data indicative of a packer", "cn": "这个二进制可能包含被加密或被压缩的数据,可能被加壳"}
High risk behavior 0

Static information

Section name: .text
Virtual address: 0x00001000
Physical address: 0x00000600
Physical size: 0x00077400
Section permissions: R-E
Section name: .rdata
Virtual address: 0x00079000
Physical address: 0x00077a00
Physical size: 0x00000200
Section permissions: R--
Section name: .data
Virtual address: 0x0007a000
Physical address: 0x00077c00
Physical size: 0x00000200
Section permissions: RW-
import_hash:
time_stamp: 2015-01-06 08:36:08
entry_point_section: .text
image_base: 0x400000
entry_point: 0x1000
PE resource information 0