startvs.exe

VoodooSoft, LLC

startvs.exe is set to execute automatically when any user logs into Windows, through a Run registry entry named ‘VoodooShield’. It is installed with VoodooShield version 1.05.
Publisher:
VoodooSoft, LLC  (signed and verified)

Description:
Host Process for Windows Services

Version:
1.1.08.00

MD5:
fbc6258cc8887a85cac2cfa2ebc2a72e

SHA-1:
a5ef8b39ea320870ec917ecebccede0c3a64adfb

SHA-256:
2eb8014a656e8790c00d7d448aac9899b4410455f92246143e5c7372b312dd06

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 7:49:37 AM UTC

File size:
1.4 MB (1,438,352 bytes)

Product version:
1.1.08.00

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\voodooshield\startvs.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/3/2012 7:00:00 PM

Valid to:
5/4/2013 6:59:59 PM

Subject:
CN="VoodooSoft, LLC", O="VoodooSoft, LLC", STREET=10748 Oakmont Street, L=Overland Park, S=Kansas, PostalCode=66210, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A51EB28277FA4EC36335B9D2E00ABCFB

File PE Metadata
Compilation timestamp:
7/14/2012 7:35:56 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:MU4uF9+uZUiX3WQxw4fQJdO9dnr108g5eKn3t1apU0g3:MjurvVX38cQJdsdnRA8Kv3

Entry address:
0xC2C40

Entry point:
48, 83, EC, 28, E8, F3, 66, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 20, 48, 8D, 59, 1C, 48, 8B, E9, BE, 01, 01, 00, 00, 48, 8B, CB, 44, 8B, C6, 33, D2, E8, 5F, 2C, 00, 00, 45, 33, DB, 48, 8D, 7D, 10, 41, 8D, 4B, 06, 41, 0F, B7, C3, 44, 89, 5D, 0C, 4C, 89, 5D, 04, 66, F3, AB, 48, 8D, 3D, 9E, 07, 04, 00, 48, 2B, FD, 8A, 04, 1F, 88, 03, 48, FF, C3, 48, FF, CE, 75, F3, 48, 8D, 8D, 1D, 01, 00, 00, BA, 00, 01, 00, 00, 8A, 04...
 

Entropy:
6.2106

Code size:
844 KB (864,256 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
VoodooShield

Command:
C:\Program Files\voodooshield\startvs.exe


The file startvs.exe has been discovered within the following program.

VoodooShield version 1.05  by VoodooSoft, LLC
www.voodooshield.com
21% remove it
 