home

filenotfound.exe

VMware Tools

Best Prog

The executable filenotfound.exe, “VMware Tools Core Service” has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from disk-space.ru.
Publisher:
VMware, Inc.  (signed by Best Prog)

Product:
VMware Tools

Description:
VMware Tools Core Service

Version:
9.6.2.31837

MD5:
fd21d69aa16252fe451cf1a16d612b8d

SHA-1:
14670467f671bd71780765ba1083d1cda02db180

SHA-256:
eec927c81940006a46a19b56a92a53b02a687d86f897498694549fe8813b19ee

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
1/10/2025 8:28:13 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.8.7.9

File size:
591 KB (605,160 bytes)

Product version:
9.6.2 build-1688356

Copyright:
Copyright © 1998-2014 VMware, Inc.

Original file name:
vmtoolsd.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\filenotfound.exe

Digital Signature
Signed by:
Best Prog

Authority:
COMODO CA Limited

Valid from:
4/18/2016 3:00:00 AM

Valid to:
4/19/2017 2:59:59 AM

Subject:
CN=Best Prog, O=Best Prog, STREET=d.19 ul.Krasnokazarmennaya, L=Moscow, S=Moscow, PostalCode=111116, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5CE7DCCDCBB4CC16DC53B581A7710692

File PE Metadata
Compilation timestamp:
5/29/2016 10:52:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:l7SNYSQitFI+QDhD5fNC07ev7rdqhydAKVfuVUBZiUKZAelq2T3dygcMVAtYeT01:l7cYDijRQlrdhvK9u7AafgU4sW+6Sd

Entry address:
0x4310

Entry point:
55, 8B, EC, 81, EC, 38, 06, 00, 00, 53, 56, 57, C6, 45, ED, 0D, EB, 01, 95, 68, 2B, 43, 40, 00, C3, 87, D4, C1, E1, 00, C1, E8, 00, 8D, 12, 8D, 09, 68, 3C, 43, 40, 00, C3, 5C, C1, E1, 00, EB, 02, 2B, C2, EB, 06, 81, C2, 1C, 6C, D9, 01, 68, 74, 14, 00, 00, A1, 14, 11, 49, 00, 50, FF, 15, 00, 92, 40, 00, 85, C0, 74, 07, 33, C0, E9, E3, 05, 00, 00, FF, 15, 4C, 92, 40, 00, 8B, 8D, 68, FF, FF, FF, 2B, 4D, 84, 3B, 8D, 64, FF, FF, FF, 76, 06, FF, 15, 34, 92, 40, 00, 8B, 55, 88, 81, EA, EC, E9, 22, 04, 89, 55, 88...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
30.5 KB (31,232 bytes)

The file filenotfound.exe has been seen being distributed by the following URL.

http://disk-space.ru/.../getlink

Remove filenotfound.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.