SHA256: f7870b9b7c1b492178c6d9c919ffc44a811699e77e4acf14325d118571886794
File name: allhibernate.exe
Detection ratio: 14 / 67
Analysis date: 2018-04-13 13:22:58 UTC ( 10 months, 1 week ago )
Antivirus Result Update
Avast FileRepMalware 20180413
AVG FileRepMalware 20180413
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9882 20180413
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180413
eGambit Unsafe.AI_Score_100% 20180413
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Kryptik.GFNK 20180413
Sophos ML heuristic 20180121
Malwarebytes Trojan.Emotet 20180413
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20180413
Microsoft Trojan:Win32/Cloxer.D!cl 20180413
Qihoo-360 HEUR/QVM20.1.79F5.Malware.Gen 20180413
Symantec ML.Attribute.HighConfidence 20180413
Ad-Aware 20180413
AegisLab 20180413
AhnLab-V3 20180413
Alibaba 20180413
Antiy-AVL 20180413
Arcabit 20180413
Avast-Mobile 20180413
Avira (no cloud) 20180413
AVware 20180413
BitDefender 20180413
Bkav 20180410
CAT-QuickHeal 20180413
ClamAV 20180413
CMC 20180413
Comodo 20180413
Cybereason 20180225
Cyren 20180413
DrWeb 20180413
Emsisoft 20180413
F-Prot 20180413
F-Secure 20180413
Fortinet 20180413
GData 20180413
Ikarus 20180413
Jiangmin 20180413
K7AntiVirus 20180413
K7GW 20180413
Kaspersky 20180413
Kingsoft 20180413
MAX 20180413
McAfee 20180413
eScan 20180413
NANO-Antivirus 20180413
nProtect 20180413
Palo Alto Networks (Known Signatures) 20180413
Panda 20180413
Rising 20180413
SentinelOne (Static ML) 20180225
Sophos AV 20180413
SUPERAntiSpyware 20180413
Symantec Mobile Insight 20180412
Tencent 20180413
TheHacker 20180410
TotalDefense 20180413
TrendMicro 20180413
TrendMicro-HouseCall 20180413
Trustlook 20180413
VBA32 20180413
VIPRE 20180413
ViRobot 20180413
Webroot 20180413
WhiteArmor 20180408
Yandex 20180412
Zillya 20180413
ZoneAlarm by Check Point 20180413
Zoner 20180412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name vmicsvc.exe
Internal name vmicsvc
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Virtual Machine Integration Component Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x0002A2D1
Number of sections 5
PE sections
PE imports
ReportEventA
AbortSystemShutdownA
RegCreateKeyExA
SetServiceStatus
GetNearestPaletteIndex
GetIcmpStatistics
GetLastError
LoadLibraryW
FreeLibrary
GetPrivateProfileSectionNamesW
FlsGetValue
RemoveDirectoryA
LoadLibraryA
SetProcessWorkingSetSize
GetConsoleMode
LocalAlloc
lstrcatA
GetBinaryTypeW
BackupWrite
GetProcAddress
FlsFree
CancelIo
lstrcpyW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
GetSystemDefaultUILanguage
InterlockedExchange
SetFileAttributesA
WTSGetActiveConsoleSessionId
LocalFree
GetModuleFileNameA
SetCommConfig
GetNumaHighestNodeNumber
FreeLibraryAndExitThread
GetFileType
GetTickCount
GetDefaultCommConfigA
MprAdminInterfaceGetCredentials
acmStreamOpen
DrawDibStart
NetUserGetGroups
DsListSitesW
DispGetParam
RevokeActiveObject
RpcEpRegisterA
SetupGetSourceInfoA
SetupDiDeleteDevRegKey
SHGetDesktopFolder
PathRemoveFileSpecW
PathIsFileSpecW
InitSecurityInterfaceW
AddPrinterDriverA
CryptCATCDFClose
CryptCATPersistStore
Ord(30)
strtoul
CreateStreamOnHGlobal
CoDisableCallCancellation
StgSetTimes
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 0.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Virtual Machine Integration Component Service
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 180224
EntryPoint 0x2a2d1
OriginalFileName vmicsvc.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
InternalName vmicsvc
ProductVersion 6.1.7601.17514
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 3192391222
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 d67ef3f5072c141dfec3038996d9fbad
SHA1 9b0e8de9c9e0e1d24954f4512cb95185d7eef872
SHA256 f7870b9b7c1b492178c6d9c919ffc44a811699e77e4acf14325d118571886794
ssdeep 3072:+/S8w8oN0r3uMh/QWHNJxI8NVgZy0kmILBJ2x9pAtPBKN9IdXBlMXFvCgo3qaY2V:Fl8uwNfVkILBJ2x9pAtPBKN9IdXBlMX7
authentihash 65659812524fb2f1f065f11b0ba984a2617706bde50a71d01e32da5217434753
imphash 1f76d57c2db2092d49598eeb690fca53
File size 189.0 KB ( 193536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-04-13 13:22:58 UTC ( 10 months, 1 week ago )
Last submission 2018-05-11 00:19:33 UTC ( 9 months, 2 weeks ago )
File names vmicsvc
vmicsvc.exe
86293.exe
4675.exe
7543.exe
4197.exe
decryptaproximity.exe
appidexisting.exe
0887.exe
platfinale.exe
allhibernate.exe
24246432.exe
9138.exe
212029.exe
21166384.exe