VCDDaemon.exe

Virtual CloneDrive

Elaborate Bytes AG

The executable VCDDaemon.exe, “Virtual CloneDrive Daemon”, has been detected as malware by 7 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘VirtualCloneDrive’.
Publisher:
Elaborate Bytes AG (signed and verified)

Product:
Virtual CloneDrive

Description:
Virtual CloneDrive Daemon

Version:
5, 4, 0, 1

MD5:
31c5d2c134c46531ae2793b3b63f7ee7

SHA-1:
7e2fbab5ba95e24f691d9f43e65b559a7d2ca014

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/26/2024 11:55:45 PM UTC

Scan engine    | Detection             | Engine version
avast!         | Win32:Mabezat [Wrm]   | 160917-0
AVG            | Win32/Mabezat         | 2013.0.4477
Clam AntiVirus | Win.Trojan.Mabezat-2  | 0.98/22832
Dr.Web         | Win32.HLLW.Tazebama   | 9.0.1.05190
ESET NOD32     | Win32/Mabezat.A virus | 6.3.12010.0
F-Prot         | W32/Mabezat.A-2       | 4.6.5.141
Kaspersky      | Worm.Win32.Mabezat    | 15.0.2.529

File size:
203.8 KB (208,695 bytes)

Product version:
5, 4, 0, 0

Copyright:
Copyright © 2001 - 2008 Elaborate Bytes AG

Trademarks:
elby, CloneCD, CloneDVD and Elaborate Bytes are trademarks of Elaborate Bytes AG

Original file name:
VCDDaemon.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\elaborate bytes\virtualclonedrive\vcddaemon.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/7/2006 12:07:29 PM

Valid to:
12/7/2008 12:07:29 PM

Subject:
E=admin@elby.ch, CN=Elaborate Bytes AG, O=Elaborate Bytes AG, C=CH

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000010F5C98B8F5

File PE Metadata
Compilation timestamp:
6/30/2008 12:00:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

Entry address:
0x31EE

Entry point:
BB, F6, 64, F6, 93, 93, E9, 20, 01, 00, 00, 10, B6, 19, 15, C1, 45, 19, 15, 61, 64, 99, 99, 99, 19, 99, 99, C8, 99, 99, 99, F8, CA, CF, CA, C9, CA, D2, D0, CF, 99, 99, 99, 0D, FA, 13, FE, FB, FA, 06, FA, C7, FD, 05, 05, 99, 99, 99, 99, F5, 99, 99, 99, DF, 0B, FE, FE, E5, 02, FB, 0B, FA, 0B, 12, 99, DC, 0B, FE, FA, 0D, FE, DD, 02, 0B, FE, FC, 0D, 08, 0B, 12, DA, 99, 99, 99, 99, E0, FE, 0D, F0, 02, 07, FD, 08, 10, 0C, DD, 02, 0B, FE, FC, 0D, 08, 0B, 12, DA, 99, 99, 99, 99, E0, FE, 0D, E6, 08, FD, 0E, 05, FE...
 

Code size:
24 KB (24,576 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
VirtualCloneDrive

Command:
"C:\Program Files\elaborate bytes\virtualclonedrive\vcddaemon.exe" \s

