virtualcd.exe

Portable WinCDEmu

JuiceSoft Ltd

The executable virtualcd.exe, “Portable WinCDEmu [BETA]”, has been detected as malware by 40 anti-virus scanners.
Publisher:
JuiceSoft Ltd (signed and verified)

Product:
Portable WinCDEmu

Description:
Portable WinCDEmu [BETA]

Version:
3, 4, 0, 1

MD5:
dfead2db7301621506e6c7dd75d294ac

SHA-1:
53412f050e2211ee29f3d8d26c0f95b02e4cbd80

SHA-256:
fe0e8ce4f2e9e3f91e189be5a37678a0f87b4baea95c07bce5fdda14477ab8f0

Scanner detections:
40 / 68

Status:
Malware

Explanation:
virtualcd.exe is infected by a worm that might download, install and run additional malware and might also spread to other executable files.

Analysis date:
4/23/2024 5:22:38 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Ramnit | 838 |
| Agnitum Outpost | Win32.Ramnit.Gen.3 | 7.1.1 |
| AhnLab V3 Security | Win32/Ramnit.B | 2014.08.14 |
| Avira AntiVirus | W32/Ramnit.A | 7.11.30.172 |
| avast! | Win32:RmnDrp | 2014.9-141019 |
| AVG | Win32/Ramnit.A | 2015.0.3316 |
| Baidu Antivirus | Virus.Win32.Nimnul.$a | 4.0.3.141019 |
| Bitdefender | Win32.Ramnit | 1.0.20.1460 |
| Bkav FE | W32.RammitNNA.PE | 1.3.0.4959 |
| Clam AntiVirus | W32.Ramnit-1 | 0.98/19279 |
| Comodo Security | Virus.Win32.Ramnit.A | 19178 |
| Dr.Web | Win32.Rmnet | 9.0.1.0292 |
| Emsisoft Anti-Malware | Win32.Ramnit | 8.14.10.19.06 |
| ESET NOD32 | Win32/Ramnit.A virus | 8.7.0.302.0 |
| Fortinet FortiGate | W32/Ramnit.C | 10/19/2014 |
| F-Prot | W32/Ramnit.B | v6.4.6.5.141 |
| F-Secure | Win32.Ramnit | 11.2014-19-10_1 |
| G Data | Win32.Ramnit | 14.10.24 |
| IKARUS anti.virus | Virus.Win32.Ramnit | t3scan.1.7.5.0 |
| K7 AntiVirus | Virus | 13.183.13043 |
| Kaspersky | Virus.Win32.Nimnul | 14.0.0.3076 |
| Malwarebytes | Virus.Ramnit | v2014.10.19.06 |
| McAfee | Virus.W32/Ramnit.a | 5600.6972 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.2953.0 |
| MicroWorld eScan | Win32.Ramnit | 15.0.0.876 |
| NANO AntiVirus | Virus.Win32.Nimnul.bpchjo | 0.28.2.61519 |
| Norman | Krap.XK | 11.20141019 |
| nProtect | Win32.Ramnit | 14.08.13.01 |
| Panda Antivirus | W32/Cosmu.gen | 14.10.19.06 |
| Qihoo 360 Security | Virus.Win32.Ramnit.B | 1.0.0.1015 |
| Quick Heal | W32.Ramnit.A | 10.14.14.00 |
| Rising Antivirus | PE:Win32.Ramnit.a!1590234 | 23.00.65.141017 |
| Sophos | W32/Patched-I | 4.98 |
| Total Defense | Win32/Ramnit.A | 37.0.11118 |
| Trend Micro House Call | PE_RAMNIT.H | 7.2.292 |
| Trend Micro | PE_RAMNIT.H | 10.465.19 |
| Vba32 AntiVirus | Virus.Win32.Nimnul.a | 3.12.26.3 |
| VIPRE Antivirus | Threat.4726519 | 32186 |
| ViRobot | Win32.Ramnit.E | 2011.4.7.4223 |
| Zillya! Antivirus | Virus.Nimnul.Win32.2 | 2.0.0.1880 |

File size:
235.2 KB (240,832 bytes)

Product version:
3, 4, 0, 1

Copyright:
SysProgs.org

Original file name:
PortableWinCDEmu.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\juicesoft\virtualcd.exe

Digital Signature
Signed by:

Authority:
Ascertia

Valid from:
3/19/2012 9:40:02 AM

Valid to:
3/18/2015 9:40:02 AM

Subject:
CN=JuiceSoft Ltd, E=support@badcddvdrecovery.com, C=Poland

Issuer:
CN=Ascertia Public CA 1, O=Ascertia, C=GB

Serial number:
0119C4E61B40982768

File PE Metadata
Compilation timestamp:
10/28/2010 9:29:03 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:p4NcWAqu9LYlO+otFGv/hRnmdk5HwF5hreru5AXc5j1W:pDWAq0O9otFGv/hRnmdk5CDyru5x5j1W

Entry address:
0x97830

Entry point:
60, BE, 00, 20, 46, 00, 8D, BE, 00, F0, F9, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Entropy:
7.8625

Packer / compiler:
UPX 2.90LZMA

Code size:
216 KB (221,184 bytes)
