» vmtoolsd.exe
Overview
Analysis
File Details
Behaviors (1)

vmtoolsd.exe

Qizhi Software (beijing) Co. Ltd

The executable vmtoolsd.exe has been detected as malware by 27 anti-virus scanners.

File name:

vmtoolsd.exe

Publisher:

Qizhi Software (beijing) Co. Ltd (signed and verified)

MD5:

88b60f40bcaae46bd19da801d8df84ad

SHA-1:

1f353543269d6f825112356ad8c3e84362ee32d4

Scanner detections:

27 / 68

Status:

Malware

Analysis date:

4/24/2024 1:35:45 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Dropper/Onlinegamehack.51200.D

2012.08.19

Avira AntiVirus

TR/Downloader.Gen

7.11.40.70

avast!

Win32:Malware-gen

2014.9-170303

AVG

SHeur4

2018.0.2451

Bitdefender

Trojan.Generic.KDV.683156

1.0.20.310

Comodo Security

Packed.Win32.MUPX.Gen

13273

Dr.Web

Trojan.DownLoader6.37951

9.0.1.062

Emsisoft Anti-Malware

Trojan.SuspectCRC!IK

8.17.03.03.11

ESET NOD32

Win32/TrojanDownloader.Agent.RAK

11.7396

Fortinet FortiGate

W32/Agent.RAK!tr.dldr

3/3/2017

F-Prot

W32/Dialer.GGK

v6.4.6.5.141

F-Secure

Trojan.Generic.KDV.683156

11.2017-03-03_6

G Data

Trojan.Generic.KDV.683156

17.3.22

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.1.122.0

K7 AntiVirus

Riskware

13.147.7516

Kaspersky

Trojan.Win32.Jorik.Vobfus

14.0.0.-1252

McAfee

Artemis!88B60F40BCAA

5600.6107

Microsoft Security Essentials

Trojan:Win32/Krijue.A

1.163.1557.0

Norman

W32/Troj_Generic.DFMOU

11.20170303

nProtect

Trojan/W32.Jorik.51238

12.08.18.02

Panda Antivirus

Trj/Genetic.gen

17.03.03.11

Sophos

Sus/UnkPacker

4.80

Trend Micro House Call

TROJ_GEN.USBH10ACT

7.2.62

Trend Micro

TROJ_GEN.RCBCDH6

10.465.03

Vba32 AntiVirus

Malware-Cryptor.General.3

3.12.18.2

VIPRE Antivirus

Trojan.Win32.Generic

12686

ViRobot

Trojan.Win32.PSWIGames.51238

2011.4.7.4223

File size:

50 KB (51,238 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Windows\System32\vmtoolsd.exe

Digital Signature

Signed by:

Qizhi Software (beijing) Co. Ltd

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

10/22/2008 9:00:00 AM

Valid to:

11/24/2010 8:59:59 AM

Subject:

CN=Qizhi Software (beijing) Co. Ltd, OU=SECURE APPLICATION DEVELOPMENT, O=Qizhi Software (beijing) Co. Ltd, L=Beijing, S=Beijing, C=CN

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

21D91D915F64FE5AEAA16DD9B46F06DD

File PE Metadata

Compilation timestamp:

1/23/1999 1:36:32 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x10980

Entry point:

68, 95, 7A, 41, 00, E8, 00, 30, 00, 00, 66, 0F, CA, 37, 66, 01, C2, 8B, 45, 00, F5, 66, 29, FA, 66, 0F, BB, D2, 8D, 92, 6D, 22, A2, 2C, 8B, 55, 04, F6, C6, 61, F9, 66, F7, C5, 87, A6, F6, C5, 05, 83, C5, 08, 60, 60, 89, 10, C6, 04, 24, 8B, 8D, 64, 24, 40, E9, AF, 28, 00, 00, 89, 44, 24, 20, 60, 88, 0C, 24, 89, 54, 24, 3C, E8, BA, 35, 00, 00, D2, F4, 89, C0, 66, 0F, A4, E0, 09, 8B, 46, FC, 38, C2, F6, C5, 6C, 39, EC, 0F, C8, 60, 83, ED, 04, 8D, 64, 24, 20, 0F, 8B, 39, 02, 00, 00, 60, 88, 4C, 24, 0C, 9C, 8D... 
[+]

Entropy:

7.4633

Code size:

20 KB (20,480 bytes)

InstalledComponents

Name:

{72CDEAF8-95A1-38BD-63EA-DE05690932CB}

Remove vmtoolsd.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.