VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload them.

   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:33b61df30b8d1a22df87d17f2ca8f308
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Map file with write permission
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.IOI..HDJIG
MSCTF.MarshalInterface.FileMap.IOI.B.HEJIG
MSCTF.MarshalInterface.FileMap.IOI.C.HEJIG
MSCTF.MarshalInterface.FileMap.IOI.D.HEJIG
MSCTF.MarshalInterface.FileMap.IOI.E.HEJIG
MSCTF.MarshalInterface.FileMap.IOI.F.HEJIG
MSCTF.MarshalInterface.FileMap.IOI.G.HEJIG
MSCTF.Shared.SFM.IOI
MSCTF.MarshalInterface.FileMap.IOI.H.FNPMG
MSCTF.MarshalInterface.FileMap.IOI.I.FNPMG
MSCTF.MarshalInterface.FileMap.IOI.J.FNPMG
MSCTF.MarshalInterface.FileMap.IOI.K.FNPMG
MSCTF.MarshalInterface.FileMap.IOI.L.FNPMG
MSCTF.MarshalInterface.FileMap.IOI.M.FNPMG
Behavior description: Load driver (standard method)
details: \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
Behavior description: Create shortcut on the desktop
details: C:\Documents and Settings\All Users\桌面\UltraISO.lnk
Behavior description: Set special folder attributes
details: C:\Program Files\UltraISO\backup
Behavior description: Hide specified window
details: [Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,ComboLBox]

Process behavior

Behavior description: Create process with hidden window
details: ImagePath = , CmdLine = "c:\program files\ultraiso\drivers\isocmd.exe" -i
Behavior description: Create process
details: ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\UltraISO\isoshell.dll"
Behavior description: Create process from newly created file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LL1QF.tmp\sample.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LL1QF.tmp\sample.tmp" /SL5="$301E4,2003467,126976,c:\%temp%\1438329082.302362.exe"
ImagePath = C:\Program Files\UltraISO\drivers\isocmd.exe, CmdLine = "C:\Program Files\UltraISO\drivers\isocmd.exe" -i

File behavior

Behavior description: Drop link or shortcut in a sensitive system location (such as the Start menu)
details: C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\UltraISO.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\UltraISO 使用说明.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\UltraISO 在线订购.url
C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\UltraISO 主页.url
C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\UltraISO 简介.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\UltraISO 版本历史.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\卸载 UltraISO.lnk
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LL1QF.tmp\sample.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-Q1URM.tmp\_isetup\_shfoldr.dll
C:\Program Files\UltraISO\is-2BU52.tmp
C:\Program Files\UltraISO\is-NP678.tmp
C:\Program Files\UltraISO\is-GVGIC.tmp
C:\Program Files\UltraISO\drivers\is-RRMBC.tmp
C:\Program Files\UltraISO\drivers\is-Q0LEK.tmp
C:\Program Files\UltraISO\drivers\is-403U3.tmp
C:\Program Files\UltraISO\drivers\is-S5J7K.tmp
C:\Program Files\UltraISO\drivers\is-REA4I.tmp
C:\Program Files\UltraISO\drivers\is-3HONF.tmp
C:\Program Files\Common Files\EZB Systems\is-94M18.tmp
Behavior description: Create shortcut on the desktop
details: C:\Documents and Settings\All Users\桌面\UltraISO.lnk
Behavior description: Map file with write permission
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.IOI..HDJIG
MSCTF.MarshalInterface.FileMap.IOI.B.HEJIG
MSCTF.MarshalInterface.FileMap.IOI.C.HEJIG
MSCTF.MarshalInterface.FileMap.IOI.D.HEJIG
MSCTF.MarshalInterface.FileMap.IOI.E.HEJIG
MSCTF.MarshalInterface.FileMap.IOI.F.HEJIG
MSCTF.MarshalInterface.FileMap.IOI.G.HEJIG
MSCTF.Shared.SFM.IOI
MSCTF.MarshalInterface.FileMap.IOI.H.FNPMG
MSCTF.MarshalInterface.FileMap.IOI.I.FNPMG
MSCTF.MarshalInterface.FileMap.IOI.J.FNPMG
MSCTF.MarshalInterface.FileMap.IOI.K.FNPMG
MSCTF.MarshalInterface.FileMap.IOI.L.FNPMG
MSCTF.MarshalInterface.FileMap.IOI.M.FNPMG
Behavior description: Rename file
details: C:\Program Files\UltraISO\is-2BU52.tmp ---> C:\Program Files\UltraISO\unins000.exe
C:\Program Files\UltraISO\is-NP678.tmp ---> C:\Program Files\UltraISO\UltraISO.exe
C:\Program Files\UltraISO\is-GVGIC.tmp ---> C:\Program Files\UltraISO\isoshell.dll
C:\Program Files\UltraISO\drivers\is-RRMBC.tmp ---> C:\Program Files\UltraISO\drivers\ISODrive.sys
C:\Program Files\UltraISO\drivers\is-Q0LEK.tmp ---> C:\Program Files\UltraISO\drivers\ISODrv64.sys
C:\Program Files\UltraISO\drivers\is-403U3.tmp ---> C:\Program Files\UltraISO\drivers\IsoCmd.exe
C:\Program Files\UltraISO\drivers\is-S5J7K.tmp ---> C:\Program Files\UltraISO\drivers\bootpart.sys
C:\Program Files\UltraISO\drivers\is-REA4I.tmp ---> C:\Program Files\UltraISO\drivers\bootpt64.sys
C:\Program Files\UltraISO\drivers\is-3HONF.tmp ---> C:\Program Files\UltraISO\drivers\bootpart.exe
C:\Program Files\Common Files\EZB Systems\is-94M18.tmp ---> C:\Program Files\Common Files\EZB Systems\lame_enc.dll
C:\Program Files\UltraISO\is-9UMAG.tmp ---> C:\Program Files\UltraISO\ultraiso.chm
C:\Program Files\UltraISO\is-GA4HU.tmp ---> C:\Program Files\UltraISO\License.txt
C:\Program Files\UltraISO\is-LJJLA.tmp ---> C:\Program Files\UltraISO\Readme.txt
C:\Program Files\UltraISO\is-LQETG.tmp ---> C:\Program Files\UltraISO\History.txt
Behavior description: Set special folder attributes
details: C:\Program Files\UltraISO\backup
Behavior description: Modify file content
details: C:\Program Files\UltraISO\is-9UMAG.tmp---> Offset = 0
C:\Program Files\UltraISO\is-GA4HU.tmp---> Offset = 0
C:\Program Files\UltraISO\is-LJJLA.tmp---> Offset = 0
C:\Program Files\UltraISO\is-LQETG.tmp---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\UltraISO.lnk---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\UltraISO 使用说明.lnk---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\UltraISO 在线订购.url---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\UltraISO 主页.url---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\UltraISO 简介.lnk---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\UltraISO 版本历史.lnk---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\UltraISO\卸载 UltraISO.lnk---> Offset = 0
C:\Documents and Settings\All Users\桌面\UltraISO.lnk---> Offset = 0
C:\Program Files\UltraISO\unins000.dat---> Offset = 460

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\EasyBoot Systems\UltraISO\5.0\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\EasyBoot Systems\UltraISO\5.0\
\REGISTRY\MACHINE\SOFTWARE\EasyBoot Systems\UltraISO\5.0\Shared
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\EasyBoot Systems\UltraISO\5.0\Shared
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\EasyBoot Systems\UltraISO\5.0\XPBurn
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\EasyBoot Systems\UltraISO\5.0\ISOFolder
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\EasyBoot Systems\UltraISO\5.0\UseSkins
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\EasyBoot Systems\UltraISO\5.0\SoundEffect
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\EasyBoot Systems\UltraISO\5.0\Language
\REGISTRY\MACHINE\SOFTWARE\EasyBoot Systems\UltraISO\5.0\Install
\REGISTRY\MACHINE\SOFTWARE\Classes\.iso\
\REGISTRY\MACHINE\SOFTWARE\Classes\.isz\
\REGISTRY\MACHINE\SOFTWARE\Classes\.ui\
\REGISTRY\MACHINE\SOFTWARE\Classes\UltraISO\
\REGISTRY\MACHINE\SOFTWARE\Classes\UltraISO\DefaultIcon\
Behavior description: Modify registry (system right-click context menu)
details: \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\UltraISO\
\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\UltraISO\

Other behavior

Behavior description: Create driver file image
details: C:\Program Files\UltraISO\drivers\ISODrive.sys
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.IOI
SHIMLIB_LOG_MUTEX
Behavior description: Hide specified window
details: [Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,ComboLBox]
Behavior description: Load driver (standard method)
details: \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details: Pid = 2276, Hwnd=0x4021e, Text = 欢迎使用UltraISO安装向导 , ClassName = TNewStaticText.
Pid = 2276, Hwnd=0x50216, Text = 本向导将在您的电脑上安装UltraISO Premium V9.65 建议您在继续之前关闭其他所有应用程序。 点击“下一步”继续,或“取消”退出安装, ClassName = TNewStaticText.
Pid = 2276, Hwnd=0x301c4, Text = END-USER LICENSE AGREEMENT FOR UltraISO. ======================================== IMPORTANT - READ CAREFULLY: This End-User, ClassName = TRichEditViewer.
Pid = 2276, Hwnd=0x601ae, Text = C:\Program Files\UltraISO, ClassName = TEdit.
Pid = 2276, Hwnd=0x501bc, Text = 下一步(&N) >, ClassName = TNewButton.
Pid = 2276, Hwnd=0x50230, Text = 取消, ClassName = TNewButton.
Pid = 2276, Hwnd=0x50252, Text = 安装向导 - UltraISO, ClassName = TWizardForm.
Pid = 2276, Hwnd=0x301f0, Text = 许可协议, ClassName = TNewStaticText.
Pid = 2276, Hwnd=0x60212, Text = 请阅读以下重要信息,然后再进入下一步。, ClassName = TNewStaticText.
Pid = 2276, Hwnd=0x5020a, Text = 请阅读以下许可协议。您必须接受此协议的条款,然后才能继续安装。, ClassName = TNewStaticText.
Pid = 2276, Hwnd=0x60214, Text = 我接受协议(&A), ClassName = TNewRadioButton.
Pid = 2276, Hwnd=0x4023c, Text = 我不接受协议(&D), ClassName = TNewRadioButton.
Pid = 2276, Hwnd=0x301ec, Text = < 上一步(&B), ClassName = TNewButton.
Pid = 2276, Hwnd=0x301f0, Text = 选择安装位置, ClassName = TNewStaticText.
Pid = 2276, Hwnd=0x60212, Text = 将UltraISO安装到何处?, ClassName = TNewStaticText.
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Enumerate windows
details: N/A