SHA256: 595a978bae820726c2a4a92293ccea49da315379979a48c46c44d47348c6c7a1
File name: 000933c1e8d849628a4a53b5d6051a5f
Detection ratio: 30 / 57
Analysis date: 2015-09-20 11:05:25 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.24658 20150920
Yandex TrojanSpy.Zbot!d1Vt5nBwqCs 20150919
AhnLab-V3 Trojan/Win32.Dorkbot 20150919
ALYac Gen:Variant.Mikey.24658 20150920
Arcabit Trojan.Mikey.D6052 20150920
Avast Win32:Malware-gen 20150920
AVG Zbot.AHFI 20150920
Avira (no cloud) TR/Spy.ZBot.400074 20150920
AVware Trojan.Win32.Generic!BT 20150920
BitDefender Gen:Variant.Mikey.24658 20150920
CMC Trojan-Downloader.Win32.Gamarue.2!O 20150920
Cyren W32/Agent.XL.gen!Eldorado 20150920
DrWeb Trojan.DownLoader16.30092 20150920
Emsisoft Gen:Variant.Mikey.24658 (B) 20150920
ESET-NOD32 Win32/Spy.Zbot.ACB 20150920
F-Prot W32/Agent.XL.gen!Eldorado 20150919
F-Secure Gen:Variant.Mikey.24658 20150919
Fortinet W32/Injector.CIUZ!tr 20150920
GData Gen:Variant.Mikey.24658 20150920
K7AntiVirus Trojan ( 004ce5441 ) 20150920
K7GW Trojan ( 004ce5441 ) 20150920
Kaspersky Trojan-Spy.Win32.Zbot.vzji 20150920
Malwarebytes Spyware.PasswordStealer 20150920
Microsoft Trojan:Win32/Dynamer!ac 20150920
eScan Gen:Variant.Mikey.24658 20150920
Panda Generic Suspicious 20150920
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150920
Sophos AV Mal/Generic-S 20150920
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20150920
VIPRE Trojan.Win32.Generic!BT 20150920
AegisLab 20150920
Alibaba 20150920
Antiy-AVL 20150920
Baidu-International 20150920
Bkav 20150919
ByteHero 20150920
CAT-QuickHeal 20150919
ClamAV 20150918
Comodo 20150920
Ikarus 20150920
Jiangmin 20150919
Kingsoft 20150920
McAfee 20150920
McAfee-GW-Edition 20150919
NANO-Antivirus 20150920
nProtect 20150918
Rising 20150919
Symantec 20150919
Tencent 20150920
TheHacker 20150919
TotalDefense 20150920
TrendMicro 20150920
TrendMicro-HouseCall 20150920
VBA32 20150918
ViRobot 20150919
Zillya 20150919
Zoner 20150920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1998-2013 VMware, Inc.

Publisher VMware, Inc.
Product VMware vCenter Converter Standalone
Original name farexec-service.exe
Internal name farexec-service.exe
File version 5.1.2 build-2233062
Description VMware Farexec Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-16 11:41:13
Entry Point 0x000294D2
Number of sections 4
PE sections
Overlays
MD5 a32d989faf60721b156274dc8f773698
File type data
Offset 398848
Size 1226
Entropy 7.69
PE imports
RegOpenKeyA
RegEnumKeyW
RegCreateKeyExA
RegSetValueExW
GetSaveFileNameW
GetDeviceCaps
GetCharWidth32A
GetDCBrushColor
GetArcDirection
SelectObject
OffsetRgn
EqualRgn
PlayEnhMetaFile
GetGlyphIndicesW
GetViewportExtEx
DPtoLP
CombineRgn
SetStretchBltMode
SetBkColor
Polygon
PathToRegion
GetPolyFillMode
SelectClipRgn
CreateCompatibleBitmap
MoveToEx
WidenPath
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
FindFirstFileW
HeapDestroy
EncodePointer
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
GetFileInformationByHandle
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
GlobalCompact
FindClose
TlsGetValue
FormatMessageA
SetFileAttributesW
SetLastError
PeekNamedPipe
InterlockedDecrement
GetNamedPipeInfo
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
QueryPerformanceFrequency
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetFilePointer
GetFullPathNameW
CreateThread
GetExitCodeThread
SetUnhandledExceptionFilter
ReadFile
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetPriorityClass
SetThreadContext
TerminateProcess
WriteConsoleA
GetModuleHandleExW
SetCurrentDirectoryW
SetEndOfFile
GetVersion
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetCommMask
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetStartupInfoW
SetEvent
DeleteFileW
GetProcAddress
GetProcessHeap
AssignProcessToJobObject
RemoveDirectoryW
FreeEnvironmentStringsW
FindFirstFileExA
FindNextFileW
GetCurrentThreadId
WTSGetActiveConsoleSessionId
CreateDirectoryW
ResetEvent
QueryInformationJobObject
FindNextFileA
WaitForMultipleObjects
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
GetEnvironmentStrings
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
SetDllDirectoryA
FindFirstFileA
CloseHandle
GetACP
GetModuleHandleW
BindIoCompletionCallback
CreateProcessA
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
GetFullPathNameA
ShellExecuteExA
DrawTextExW
EndDialog
SetClassLongW
CharUpperW
KillTimer
GetGuiResources
ShowWindow
GetListBoxInfo
CharLowerA
IsCharAlphaW
MessageBoxW
SetDlgItemTextA
PostMessageA
ReleaseCapture
DialogBoxParamW
ScrollDC
SetWindowLongA
DialogBoxParamA
CharLowerW
CharUpperA
GetMenuItemID
GetCursorPos
IsCharAlphaNumericA
SetWindowTextA
LoadStringA
SendMessageA
LoadStringW
SetWindowTextW
GetDlgItem
GetClassInfoA
GetWindowLongA
SetTimer
LoadIconA
IsDlgButtonChecked
CallWindowProcA
GetWindowTextLengthW
CharToOemA
DestroyWindow
GetFileVersionInfoSizeW
CoRegisterMessageFilter
GetHGlobalFromILockBytes
CoGetMalloc
Number of PE resources by type
RT_DIALOG 7
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.1.0.20038

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
174592

EntryPoint
0x294d2

OriginalFileName
farexec-service.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 1998-2013 VMware, Inc.

FileVersion
5.1.2 build-2233062

TimeStamp
2015:09:16 12:41:13+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
farexec-service.exe

ProductVersion
5.1.2 build-2233062

FileDescription
VMware Farexec Service

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
VMware, Inc.

CodeSize
223232

ProductName
VMware vCenter Converter Standalone

ProductVersionNumber
5.1.2.20038

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 000933c1e8d849628a4a53b5d6051a5f
SHA1 bfdff95021f35114600b9a019baa4e1d1d95a10a
SHA256 595a978bae820726c2a4a92293ccea49da315379979a48c46c44d47348c6c7a1
ssdeep
6144:1GUGwg3k/glivyPJO/lYhrHVd+nLGuMsHEfekcfnI0HrrvDJ:1WF6gliqUyrH/Yp9HE2I0L7F

authentihash b98e20d5018a2ab69a131738174ce0d68f9c55eb813e9357d58fe8d6a85ebceb
imphash 6dbd8f76cc5a01d64f27f5ab471c23c3
File size 390.7 KB ( 400074 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-09-20 11:05:25 UTC ( 3 years, 6 months ago )
Last submission 2015-09-20 11:05:25 UTC ( 3 years, 6 months ago )
File names farexec-service.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs