SHA256: f9fccb47897d3816accd1a21577ef0cf33073de466a472b2ed7233ebee1abf7e
File name: vmkbd.sys
Detection ratio: 0 / 51
Analysis date: 2014-03-26 07:06:51 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20140326
AegisLab 20140326
Yandex 20140325
AhnLab-V3 20140325
AntiVir 20140326
Antiy-AVL 20140324
Avast 20140326
AVG 20140326
Baidu-International 20140325
BitDefender 20140326
Bkav 20140325
ByteHero 20140326
CAT-QuickHeal 20140325
ClamAV 20140326
CMC 20140319
Commtouch 20140326
Comodo 20140326
DrWeb 20140326
Emsisoft 20140326
ESET-NOD32 20140326
F-Prot 20140326
F-Secure 20140326
Fortinet 20140326
GData 20140326
Ikarus 20140326
Jiangmin 20140326
K7AntiVirus 20140325
K7GW 20140325
Kaspersky 20140326
Kingsoft 20140326
Malwarebytes 20140326
McAfee 20140326
McAfee-GW-Edition 20140326
Microsoft 20140326
eScan 20140326
NANO-Antivirus 20140326
Norman 20140326
nProtect 20140325
Panda 20140325
Qihoo-360 20140326
Rising 20140325
Sophos AV 20140326
SUPERAntiSpyware 20140326
Symantec 20140326
TheHacker 20140326
TotalDefense 20140325
TrendMicro 20140326
TrendMicro-HouseCall 20140326
VBA32 20140325
VIPRE 20140326
ViRobot 20140326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 1998-2007 VMware, Inc.

Publisher VMware
Product VMware keyboard filter driver (64-bit)
Original name vmkbd.sys
Internal name vmkbd.sys
File version 1.0.0.0
Description VMware keyboard filter driver (64-bit)
Signature verification Signed file, verified signature
Signing date 6:53 AM 5/2/2007
Signers
[+] VMware
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 9/7/2006
Valid to 12:59 AM 10/27/2007
Valid usage Code Signing
Algorithm SHA1
Thumbprint 61B8E52DF06E4948E6D53FB47519AD4B859EAA77
Serial number 6A A4 57 55 13 64 93 5F E8 B0 E7 88 CE 89 B7 12
[+] VeriSign Class 3 Code Signing 2004 CA
Status Valid
Issuer None
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer None
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm MD2
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2008
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 817E78267300CB0FE5D631357851DB366123A690
Serial number 0D E9 2B F0 D4 D8 29 88 18 32 05 09 5E 9A 76 88
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine x64
Compilation timestamp 2007-05-02 04:52:22
Entry Point 0x00007200
Number of sections 8
PE sections
PE imports
RtlInitUnicodeString
RtlSetDaclSecurityDescriptor
IoDetachDevice
RtlGetSaclSecurityDescriptor
_wcsnicmp
PoCallDriver
RtlCreateSecurityDescriptor
_snwprintf
KeQueryTimeIncrement
ZwOpenKey
SeCaptureSecurityDescriptor
IoIsWdmVersionAvailable
KeReleaseSpinLock
IoCreateDevice
ZwCreateKey
ZwSetValueKey
IoDeleteDevice
SeExports
ExAllocatePoolWithTag
RtlAddAccessAllowedAce
RtlGetOwnerSecurityDescriptor
IofCompleteRequest
RtlGetDaclSecurityDescriptor
wcschr
ExEventObjectType
KeSetEvent
ZwQueryValueKey
ObReferenceObjectByHandle
ObfDereferenceObject
IoAttachDeviceToDeviceStack
ExFreePoolWithTag
RtlFreeUnicodeString
RtlGetGroupSecurityDescriptor
MmGetSystemRoutineAddress
RtlLengthSid
IoCreateSymbolicLink
ZwClose
PoStartNextPowerIrp
RtlLengthSecurityDescriptor
IoDeviceObjectType
ZwSetSecurityObject
PsGetCurrentProcessId
RtlAbsoluteToSelfRelativeSD
KeBugCheckEx
ObOpenObjectByPointer
IofCallDriver
KeAcquireSpinLockRaiseToDpc
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
5.2

LinkerVersion
8.0

ImageVersion
5.2

FileSubtype
7

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
7168

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Copyright 1998-2007 VMware, Inc.

FileVersion
1.0.0.0

TimeStamp
2007:05:02 05:52:22+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
vmkbd.sys

FileAccessDate
2014:03:26 08:03:41+01:00

ProductVersion
1.0.0.0 build-45731

FileDescription
VMware keyboard filter driver (64-bit)

OSVersion
5.2

FileCreateDate
2014:03:26 08:03:41+01:00

OriginalFilename
vmkbd.sys

Subsystem
Native

MachineType
AMD AMD64

CompanyName
VMware, Inc.

CodeSize
13824

ProductName
VMware keyboard filter driver (64-bit)

ProductVersionNumber
1.0.0.0

EntryPoint
0x7200

ObjectFileType
Driver

File identification
MD5 4fe1339d9e8af0d8ec47e74240fff98a
SHA1 0c9891120b38cd6e7b5b9f22ef235fc883d61be3
SHA256 f9fccb47897d3816accd1a21577ef0cf33073de466a472b2ed7233ebee1abf7e
ssdeep
768:7bDZa93Ah4cTYf0wx1fMDJtujL3ZbkKm0:7bD6ljfKujdkp0

imphash 34cc594f21f4227292a4dfbada434389
File size 28.3 KB ( 28976 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (native) Mono/.Net assembly

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags
64bits peexe assembly signed native

VirusTotal metadata
First submission 2014-03-26 07:06:51 UTC ( 4 years, 8 months ago )
Last submission 2014-03-26 07:06:51 UTC ( 4 years, 8 months ago )
File names vt-upload-CBHzlx
VMkbd.sys
VMkbd.sys
VMkbd.sys
vmkbd.sys
vmkbd.sys
vmkbd.sys
VMkbd.sys
Behaviour characterization
Zemana
dll-injection
