VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

shell.exe    Threatbook file behavior analysis report

Basic Information

file name: shell.exe
file type: EXEx86
Threat level: malicious
MD5: aaecf82cab88693d996ae04a4a42d0e7
sha256: 5a258cf368de97633b1ae87bab0837208e8d87668567fa54ff3d0a8ce9638868

Document Threat Intelligence IOC Report

No intelligence IOC detected

Intelligence decision system

Undetected intelligence determination system

Network behavior report

domains: 0

Document release report

File release report not detected

File process number report

nofind

Document behavior signature report

Low risk behavior
Static File Characteristics: {"en": "Found potential IP address or url in binary/memory", "cn": "在文件内存中发现IP地址或url"}
Suspicious behavior 0
High risk behavior 0
Low risk behavior 0
Low risk behavior
Reverse Engineering: {"en": "The binary likely contains encrypted or compressed data indicative of a packer", "cn": "这个二进制可能包含被加密或被压缩的数据,可能被加壳"}
High risk behavior 0

Static information

Section name: .text
Virtual address: 0x00001000
Physical address: 0x00001000
Physical size: 0x0000b000
Section permissions: R-E
Section name: .rdata
Virtual address: 0x0000c000
Physical address: 0x0000c000
Physical size: 0x00001000
Section permissions: R--
Section name: .data
Virtual address: 0x0000d000
Physical address: 0x0000d000
Physical size: 0x00004000
Section permissions: RW-
Section name: .rsrc
Virtual address: 0x00015000
Physical address: 0x00011000
Physical size: 0x00001000
Section permissions: R--
import_hash: 481f47bbb2c9c21e108d65f52b04c448
time_stamp: 2009-06-13 07:41:40
entry_point_section: .text
image_base: 0x400000
entry_point: 0x2cfe
name: RT_VERSION
language: LANG_ENGLISH
filetype: data
sublanguage: SUBLANG_ENGLISH_US
offset: 0x00015060
size: 0x00000768