SHA256: 8c08ad5daa9319df1c414227c18aa956d8b1339632b1e2cc544cbcdc362b9d29
File name: VSSVC.exe
Detection ratio: 12 / 55
Analysis date: 2015-06-29 19:25:56 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Injector.BMZ 20150629
AegisLab Troj.Downloader.W32.Agent 20150629
AhnLab-V3 Trojan/Win32.Injector 20150629
ALYac Trojan.Injector.BMZ 20150629
Arcabit Trojan.Injector.BMZ 20150629
Baidu-International Trojan.Win32.Agent.XHN 20150629
BitDefender Trojan.Injector.BMZ 20150629
ESET-NOD32 Win32/Agent.XHN 20150629
F-Secure Trojan.Injector.BMZ 20150629
GData Trojan.Injector.BMZ 20150629
eScan Trojan.Injector.BMZ 20150629
Panda Trj/Gamarue.A 20150629
Yandex 20150628
Alibaba 20150629
Antiy-AVL 20150629
Avast 20150629
AVG 20150629
Avira (no cloud) 20150629
AVware 20150629
Bkav 20150629
ByteHero 20150629
CAT-QuickHeal 20150629
ClamAV 20150629
Comodo 20150629
Cyren 20150629
DrWeb 20150629
Emsisoft 20150629
F-Prot 20150629
Fortinet 20150629
Ikarus 20150629
Jiangmin 20150626
K7AntiVirus 20150629
K7GW 20150629
Kaspersky 20150629
Kingsoft 20150629
Malwarebytes 20150629
McAfee 20150629
McAfee-GW-Edition 20150629
Microsoft 20150629
NANO-Antivirus 20150629
nProtect 20150629
Qihoo-360 20150629
Rising 20150628
Sophos AV 20150629
SUPERAntiSpyware 20150629
Symantec 20150629
Tencent 20150629
TheHacker 20150626
TrendMicro 20150629
TrendMicro-HouseCall 20150629
VBA32 20150629
VIPRE 20150629
ViRobot 20150629
Zillya 20150629
Zoner 20150629
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name VSSVC.EXE
Internal name VSSVC.exe
File version 1.0.0.1
Description Microsoft® Volume Shadow Copy Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-22 14:38:21
Entry Point 0x00011580
Number of sections 4
PE sections
Overlays
MD5 621e8d26939f40feb1529a715ae1f45d
File type ASCII text
Offset 2105344
Size 97612480
Entropy 5.79
PE imports
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
FormatMessageA
SetLastError
GlobalFindAtomA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
SetTapeParameters
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GetUserDefaultLCID
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
IsValidLocale
lstrcmpW
GlobalLock
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
VariantInit
VariantClear
MapWindowPoints
GetMessagePos
GetParent
ReleaseDC
SetPropA
SetMenuItemBitmaps
RegisterWindowMessageA
GetCapture
GetMenuState
GetClassInfoExA
DestroyMenu
PostQuitMessage
DefWindowProcA
SetWindowTextA
IsWindowEnabled
GetPropA
LoadBitmapA
SetWindowPos
GetWindowThreadProcessId
GetSysColorBrush
GetSystemMetrics
EnableMenuItem
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
UnhookWindowsHookEx
PostMessageA
GrayStringA
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
GetMessageTime
GetWindow
GetSysColor
GetDC
GetKeyState
SystemParametersInfoA
GetDlgCtrlID
GetClassInfoA
CheckMenuItem
GetMenu
UnregisterClassA
GetLastActivePopup
PtInRect
GetForegroundWindow
GetWindowPlacement
SendMessageA
GetWindowTextA
GetClientRect
GetDlgItem
GetMenuCheckMarkDimensions
DrawTextExA
WinHelpA
RemovePropA
IsIconic
RegisterClassA
GetClassLongA
CallNextHookEx
TabbedTextOutA
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
DrawTextA
SetWindowsHookExA
ClientToScreen
GetMenuItemCount
GetSubMenu
CopyRect
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
GetMenuItemID
GetTopWindow
SetForegroundWindow
ModifyMenuA
DestroyWindow
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 630784
EntryPoint 0x11580
OriginalFileName VSSVC.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 1.0.0.1
TimeStamp 2015:06:22 15:38:21+01:00
FileType Win32 EXE
PEType PE32
InternalName VSSVC.exe
ProductVersion 1.0.0.1
FileDescription Microsoft Volume Shadow Copy Service
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 1470464
ProductName Microsoft Windows Operating System
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 dc2d36218d8583095ad1abe97586726f
SHA1 fb1688a1f0c5aa4fdd396a03eb0a79a1a8831a46
SHA256 8c08ad5daa9319df1c414227c18aa956d8b1339632b1e2cc544cbcdc362b9d29
ssdeep 786432:5hUHuhGHIh3YS0o79C9vIqTYoNE0cUrZrnFrOuxBpyICyD7J2AlNtgi1CxGYYaU4:5heWYS04rnoNQWZrnNpfSicUYYaUuzlD
authentihash 0e8e42af713e4cf39bb0baf79d4e200909d6d9e185d3c6361ccabbe8d179808c
imphash 398cadc2765792b52af0530fc17ed889
File size 95.1 MB ( 99717824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-06-29 19:25:56 UTC ( 2 years, 3 months ago )
Last submission 2015-06-30 16:03:57 UTC ( 2 years, 3 months ago )
File names VSSVC.EXE
VSSVC.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight