Z-VSScopy.exe

Z-VSScopy

Andreas Baumann

It runs as a separate Windows service (within the context of its own process) named “Z-VSScopy”.

Publisher:
IMU-BerliNet  (signed by Andreas Baumann)

Product:
Z-VSScopy

Description:
Volume Shadow Client

Version:
2.01

MD5:
1f3837da41b218aee8b6663bead315bb

SHA-1:
783ee627fef15ee1e476244af1fb76143766c8b7

SHA-256:
ea85000621ac354ad6171be6e33b416bc66334b077597d70ed8e37222ff1e676

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
5/11/2024 4:43:35 AM UTC  (today)

Scan engine | Detection | Engine version
Avira AntiVirus | W32/Virut.Gen | 7.11.30.172
Dr.Web | BACKDOOR.Trojan | 9.0.1.032
Trend Micro House Call | Suspicious_GEN.F47V1212 | 7.2.32

File size:
720 KB (737,312 bytes)

Product version:
2.01

Copyright:
© Andreas Baumann 2010 - 2016

Original file name:
Z-VSScopy.exe

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\Program Files\z-vsscopy\z-vsscopy.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/20/2013 4:00:00 AM

Valid to:
2/19/2016 3:59:59 AM

Subject:
CN=Andreas Baumann, OU=SECURE APPLICATION DEVELOPMENT, O=Andreas Baumann, L=Berlin, S=Berlin, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
152279739F9E5ACBD00F9AD3FDA4F733

File PE Metadata
Compilation timestamp:
12/10/2015 9:22:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:FVGLZDJtI6si5nUVTqb1hGJeWsqU3Ge0dnmH+FwwnHabzPWMWUX4821DZv:PGL1JtZsi5nyTqb1hGJeWsqU3Ge0dnmo

Entry address:
0x9304

Entry point:
B8, 68, 4D, 6A, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 62, 4A, 25, CB, E1, 36, 71, 30, F8, 8A, B5, B1, C7, 1E, 82, A8, 39, 63, AE, 59, 81, 35, D7, 41, 68, A1, 90, 00, 1F, CA, 7E, D2, 76, 51, 11, 09, CF, A8, A6, CC, 66, A5, C6, DE, 9F, F8, 92, 22, A6, B4, 54, 9F, B0, 07, 35, 1B, 65, A9, 1E, 80, 07, 24, 94, 6E, 4F, BE, 81, 44, 90, 8A, C4, 26, 6C, 24, 31, 71, A4, BC, 9B, B1, AD, F3, 5D, 03, 76, 93, F3, 8D, 60, 7F, 69, 0E, 30...
 

Entropy:
6.6112

Packer / compiler:
PECompact v2

Code size:
1.7 MB (1,748,992 bytes)

Service
Display name:
Z-VSScopy

Description:
Allows Z-DBackup and Z-VssCopy to access the volume shadow copies of Windows.

Type:
Win32OwnProcess


The file Z-VSScopy.exe has been discovered within the following program.

Z-VSScopy  by IMU Andreas Baumann
http:\\www.z-dbackup.de
About 4% of users remove it
 
Powered by Should I Remove It?
