SHA256: c10b430d032a1260bcf2c9988734739dad144c6bba40a394f18ed423e799b6d5
File name: vti-rescan
Detection ratio: 5 / 53
Analysis date: 2014-09-18 23:47:12 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Avast Win32:Trojan-gen 20140918
Kaspersky Trojan-Spy.Win32.Zbot.uedl 20140919
Malwarebytes Spyware.Zbot.ED 20140918
Panda Trj/Zbot.Y 20140918
TrendMicro TROJ_FORUCON.BMC 20140918
Ad-Aware 20140918
AegisLab 20140918
Yandex 20140918
AhnLab-V3 20140918
Antiy-AVL 20140918
AVG 20140918
Avira (no cloud) 20140919
AVware 20140918
Baidu-International 20140918
BitDefender 20140919
Bkav 20140918
ByteHero 20140919
CAT-QuickHeal 20140918
ClamAV 20140918
CMC 20140918
Comodo 20140918
Cyren 20140918
DrWeb 20140918
Emsisoft 20140918
F-Prot 20140918
F-Secure 20140919
Fortinet 20140918
GData 20140919
Ikarus 20140918
Jiangmin 20140918
K7AntiVirus 20140918
K7GW 20140918
Kingsoft 20140919
McAfee 20140919
McAfee-GW-Edition 20140918
Microsoft 20140918
eScan 20140919
NANO-Antivirus 20140918
Norman 20140918
nProtect 20140918
Qihoo-360 20140919
Rising 20140918
Sophos AV 20140918
SUPERAntiSpyware 20140918
Symantec 20140918
Tencent 20140919
TheHacker 20140917
TotalDefense 20140918
VBA32 20140918
VIPRE 20140919
ViRobot 20140918
Zillya 20140917
Zoner 20140916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) EZB Systems, Inc.
Publisher EZB Systems, Inc.
Product UltraISO Premium
Original name ultraiso.exe
Internal name UltraISO
File version 9.5.3.3
Description UltraISO Premium
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-18 11:08:25
Entry Point 0x000034D0
Number of sections 5
PE sections
PE imports
InitializeAcl
GetUserNameW
LookupAccountNameW
LineTo
MoveToEx
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
GetFileSize
RtlUnwind
lstrlenW
HeapSetInformation
GetCurrentProcess
GetConsoleMode
DecodePointer
LocalAlloc
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
EnumSystemCodePagesW
SetStdHandle
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
GlobalAlloc
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
SafeArrayCreate
SysFreeString
RegisterActiveObject
VariantInit
SafeArrayAccessData
GetWindowThreadProcessId
GetForegroundWindow
LoadIconA
SetPropA
MessageBoxA
DestroyMenu
IsWindow
InternetGetLastResponseInfoW
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_DIALOG 3
RT_ICON 2
Struct(240) 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
RUSSIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 177664
ImageVersion 0.0
ProductName UltraISO Premium
FileVersionNumber 9.5.3.3
LanguageCode Russian
FileFlagsMask 0x003f
FileDescription UltraISO Premium
CharacterSet Unicode
LinkerVersion 10.0
FileOS Windows NT 32-bit
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 9.5.3.3
TimeStamp 2014:09:18 12:08:25+01:00
FileType Win32 EXE
PEType PE32
InternalName UltraISO
ProductVersion 9.5.3.3
SubsystemVersion 5.1
OSVersion 5.1
OriginalFilename ultraiso.exe
LegalCopyright Copyright (c) EZB Systems, Inc.
MachineType Intel 386 or later, and compatibles
CompanyName EZB Systems, Inc.
CodeSize 49664
FileSubtype 0
ProductVersionNumber 9.5.3.3
EntryPoint 0x34d0
ObjectFileType Executable application

File identification
MD5 30443e6530b5ea2ab66c643b845854b9
SHA1 b9a8289eabc1d46b999b4d9c3b2b888fd1bb5d0b
SHA256 c10b430d032a1260bcf2c9988734739dad144c6bba40a394f18ed423e799b6d5
ssdeep 6144:MtDohhhoPpD5BiVes/XVOgoadvPawOLBT:MFohhhoBlqes/809PnCBT
authentihash 6007c8635af99363866b5e737fb6ca5de3603d38952859d1dc69d2f3fa39dcdf
imphash aa015d67716fd476650f5a539da3170d
File size 223.0 KB ( 228352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-09-18 14:27:19 UTC ( 4 years, 6 months ago )
Last submission 2014-09-18 23:47:12 UTC ( 4 years, 6 months ago )
File names c10b430d032a1260bcf2c9988734739dad144c6bba40a394f18ed423e799b6d5.exe
UltraISO
vti-rescan
ultraiso.exe
30443e6530b5ea2ab66c643b845854b9.kaf
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections