VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Basic Information

MD5: 0017f7bbf9dc35c7e77dd15830a5cddf
file type: EXE
Production company: EZB Systems, Inc.
version: 9.6.6.3300---9.6.6.3300
Shell or compiler information: COMPILER:NSIS
Subfile information: UltraISO.exe / af5d05fd291df71946199f36c599cd74 / EXE

Key behavior

Behavior description: Get window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x81010558.
Foreground window Info: HWND = 0x00000000, DC = 0x29010567.
Foreground window Info: HWND = 0x00000000, DC = 0xbd010537.

File behavior

Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsl51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\UltraISO.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\lame_enc.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\uikey.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\ultraiso.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\ISODrive.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\ISODrv64.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\IsoCmd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpart.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpart.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpt64.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\UltraISO\ultraiso.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd53.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd53.tmp\System.dll
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\lame_enc.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\ISODrive.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\ISODrv64.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\IsoCmd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpart.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpart.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpt64.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd53.tmp\System.dll
Behavior description: Overwrite existing file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp
Behavior description: Search for file
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd53.tmp
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UltraISO
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UltraISO\drivers
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UltraISO\drivers\isocmd.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UltraISO\drivers\IsoCmd.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UltraISO\UltraISO.exe
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsl51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd53.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpart.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpart.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpt64.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\ISODrive.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\ISODrv64.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\lame_enc.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\uikey.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd53.tmp\System.dll
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp ---> Offset = 21853
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp ---> Offset = 38028
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp ---> Offset = 54201
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp ---> Offset = 70382
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\UltraISO.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\UltraISO.exe ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\UltraISO.exe ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\UltraISO.exe ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\UltraISO.exe ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\lame_enc.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\lame_enc.dll ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\lame_enc.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\lame_enc.dll ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\lame_enc.dll ---> Offset = 65536

Registry behavior

Behavior description: Modify registry: pending file rename entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
UltraISO
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MBM
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,TToolBar]
[Window,Class] = [ToolBar3,TToolBar]
[Window,Class] = [ToolBar4,TToolBar]
[Window,Class] = [tbISOPath,TToolBar]
[Window,Class] = [ToolBar5,TToolBar]
[Window,Class] = [ToolBar6,TToolBar]
[Window,Class] = [tbDiskPath,TToolBar]
Behavior description: Open event
details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Enumerate windows
details: N/A
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 3096, Hwnd=0x3042c, Text = 版权所有 (c)2002-2016 EZB Systems, Inc., ClassName = TStatusBar.
Pid = 3096, Hwnd=0x30420, Text = tbDiskPath, ClassName = TToolBar.
Pid = 3096, Hwnd=0x30422, Text = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UltraISO, ClassName = TEdit.
Pid = 3096, Hwnd=0x3041e, Text = ToolBar6, ClassName = TToolBar.
Pid = 3096, Hwnd=0x30416, Text = ToolBar5, ClassName = TToolBar.
Pid = 3096, Hwnd=0x30410, Text = tbISOPath, ClassName = TToolBar.
Pid = 3096, Hwnd=0x30412, Text = /, ClassName = TEdit.
Pid = 3096, Hwnd=0x3040e, Text = ToolBar4, ClassName = TToolBar.
Pid = 3096, Hwnd=0x30406, Text = ToolBar3, ClassName = TToolBar.
Pid = 3096, Hwnd=0x3040a, Text = 不可引导光盘, ClassName = TStaticText.
Pid = 3096, Hwnd=0x30402, Text = 0KB, ClassName = TStaticText.
Pid = 3096, Hwnd=0x16032e, Text = UltraISO, ClassName = TfrmMain.
Behavior description: Get window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x81010558.
Foreground window Info: HWND = 0x00000000, DC = 0x29010567.
Foreground window Info: HWND = 0x00000000, DC = 0xbd010537.
Behavior description: Executable file signature information
details: C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\lame_enc.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\ISODrive.sys (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\ISODrv64.sys (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\IsoCmd.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpart.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpart.sys (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpt64.sys (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd53.tmp\System.dll (signature verification: failed)
Behavior description: Executable file MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\lame_enc.dll ---> ce133f15b2c900b018de0ccfb046dfdd
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\ISODrive.sys ---> 5645290b24d23612d8ae10bbe8bf03ce
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\ISODrv64.sys ---> e489d12ff435aeef4a5474c47d329590
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\IsoCmd.exe ---> c0618803912bea2270ff7126772d8090
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpart.exe ---> c77843c280a632f7897362d17d31c97f
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpart.sys ---> e89b724cd7ce6e0757b37713a4202927
C:\Documents and Settings\Administrator\Local Settings\Temp\UltraISO\drivers\bootpt64.sys ---> 28b2d49d7c5675bf3e290ffe5445c42d
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd53.tmp\System.dll ---> 883eff06ac96966270731e4e22817e11
Behavior description: Open mutex
details: ShimCacheMutex
Behavior description: Load newly dropped file
details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd53.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UltraISO\lame_enc.dll.

Run screenshot