home

VagCom.exe

VAG-COM

Ross-Tech, LLC

This is a setup program which is used to install the application. The file has been seen being downloaded from docviewer.yandex.com and multiple other hosts.
Publisher:
Ross-Tech, LLC

Product:
VAG-COM

Version:
409.0

MD5:
2a061f1b7928566eefba39651751a4c4

SHA-1:
1727be991f72aeaf24402a3f4d7ce2b180c6a7f1

SHA-256:
a54f2f63492da6e2057061d512a02dc07fe16fbea3cd0f25c1a475e8e0c00c2e

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
12/27/2024 11:29:00 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Packed/PC-Guard
7.1.1

Trend Micro House Call
TROJ_GEN.F47V0508
7.2.242

File size:
668 KB (684,032 bytes)

Product version:
409, 0, 0, 0

Copyright:
Copyright (C) 2000-2004

Original file name:
VagCom.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\auto.diagnose.software.bundle.german-virtualbox\adsbgvb\auto.diagnose.software.bundle.german-virtualbox\diagnosetools einzeln\tachotool\vagcom409\vag-com\vagcom.exe

File PE Metadata
Compilation timestamp:
10/3/2004 12:11:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:j30Ut00RriY5KNzZC8FB55U7crnlJ2WjWi7RByZDpZbkJfiWr9QK:j3N0oiYKNzZC8T551lJJiitBqDpKf95Q

Entry address:
0x20E000

Entry point:
FC, 55, 50, E8, 00, 00, 00, 00, 5D, 60, E8, 03, 00, 00, 00, 83, EB, 0E, EB, 01, 0C, 58, EB, 01, 35, 40, EB, 01, 36, FF, E0, 0B, 61, B8, 44, F4, 40, 00, EB, 01, E3, 60, E8, 03, 00, 00, 00, D2, EB, 0B, 58, EB, 01, 48, 40, EB, 01, 35, FF, E0, E7, 61, 2B, E8, 9C, EB, 01, D5, 9D, EB, 01, 0B, 58, 60, E8, 03, 00, 00, 00, 83, EB, 0E, EB, 01, 0C, 58, EB, 01, 35, 40, EB, 01, 36, FF, E0, 0B, 61, 89, 85, DC, 39, 42, 00, 9C, EB, 01, D5, 9D, EB, 01, 0B, 58, EB, 01, E3, 60, E8, 03, 00, 00, 00, D2, EB, 0B, 58, EB, 01, 48...
 
[+]

Packer / compiler:
PC Guard for Win32 v5.00

Code size:
400 KB (409,600 bytes)

The file VagCom.exe has been seen being distributed by the following 2 URLs.

https://docviewer.yandex.com/source?id=ygwc-jcd9ii8a3u2557a1jks5064383qe8um2mqp429lnpq47zftb52azm69w1gk77tn4k66edqauuubry3ss1nfd16w91xigl8aot8a&archive-path=//Vag-com 409 ????/Vagcom_409_Unlocked_KKL/Vagcom 409 Unlocked_OK/VAG-Com 409 Unlocked/VAG-Com 409 Unlocked/.../kUmWmEUeDChKSIng==&name=Vag-com 409 ????.rar

http://s10400.chomikuj.pl/File.aspx?e=rpsJSfAI5py3iL3WbF2ETYYkox8rlzX_EKhXUkG_Su2_5jJJGD7CAB_fvjpxClgUxXTwFOJ0osp7Xr88-9nvRIQeEP5CnfK4jn-LV7ePyYPdR20C7jR-5pv_pONmNF6a2PtHqsPVA1VvZ2S2n6xk9g&pv=2

Scan VagCom.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.