vmserve.exe

Hongkong zoekyu Technology Limited

The application vmserve.exe by Hongkong zoekyu Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “vmserve Update”. While running, it connects to the Internet address server-54-230-11-252.lhr3.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Hongkong zoekyu Technology Limited  (signed and verified)

MD5:
9f561b5b9b4a877f3a2781de33f5374e

SHA-1:
662ef2d85f5c495eed4af4a6f1eafe8bc74e6fe8

SHA-256:
cda6d7558bcd23896336aa5795f9967962f9f3c01f2b12b6d975e703a8d3f955

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/7/2024 7:08:46 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yessearches (M)

Engine version:
16.3.9.17

File size:
286.1 KB (292,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common update\vmserve update\vmserve.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
8/31/2015 11:22:51 AM

Valid to:
8/31/2016 11:22:51 AM

Subject:
CN=Hongkong zoekyu Technology Limited, O=Hongkong zoekyu Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A7482C0A326B72D75AEE1323E44001AB

File PE Metadata
Compilation timestamp:
1/7/2016 8:25:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:UEx6x04rjKddsofVYzaeC6AVAVJfI4pnEYWU:UI6x0WKNh6+AVJbnEYWU

Entry address:
0x1AB04

Entry point:
E8, B8, 53, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 70, 50, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F8, 32, 44, 00, 01, 0F, 82, D8, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74...

Entropy:
6.4930

Code size:
205 KB (209,920 bytes)

Service
Display name:
vmserve Update

Service name:
vmserve

Description:
Enables the detection, download, and installation of updates for vmserve and other programs. If this service is disabled, users of this computer will not be able to use vmserve Update or its automatic

Type:
Win32OwnProcess, InteractiveProcess

The executing file has been seen to make the following network communications in live environments.


Remove vmserve.exe - Powered by Reason Core Security