vmhost.exe

vm file module

Product:
vm file module

Version:
1, 0, 0, 1

MD5:
61d9eb09acddc841dd5d0995a0ed430a

SHA-1:
c9445a9fcaba73d80b7b0a00ba43c8357681f2f4

SHA-256:
7cfc02fda161a48a1c3a9a9bfb356bfd62582885ebef74588a331b5e68d1cdc6

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/15/2024 8:20:50 AM UTC

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

File size:
331.5 KB (339,456 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2003

Original file name:
vmfile.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\updatetask\vmhost.exe

File PE Metadata
Compilation timestamp:
6/22/2014 7:43:48 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:ZXC5zYAOQJwFvXUlDdaihPQDSwS8SOBc+iYLVd1V99US6kVT4NwB:Y5znOQUvXAaihPenBc+iYz1VQS68B

Entry address:
0x2C4CC

Entry point:
E8, 5F, B1, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 56, FF, 75, 10, 8D, 4D, F0, E8, 73, D4, FF, FF, 8B, 5D, 08, 33, F6, 3B, DE, 75, 2F, E8, B5, 22, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, B0, D8, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, C0, 00, 00, 00, 57, 8B, 7D, 0C, 3B, FE, 75, 2F, E8, 7E, 22, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 79, D8, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8...

Entropy:
6.4658

Code size:
261.5 KB (267,776 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-38-75.jfk1.r.cloudfront.net  (54.230.38.75:80)

TCP (HTTP):
Connects to server-54-230-38-39.jfk1.r.cloudfront.net  (54.230.38.39:80)

TCP (HTTP):
Connects to server-54-230-38-162.jfk1.r.cloudfront.net  (54.230.38.162:80)

TCP (HTTP):
Connects to m-nb.xplusone.com  (199.38.164.155:80)

TCP (HTTP):
Connects to lga15s45-in-f26.1e100.net  (74.125.226.186:80)

TCP (HTTP SSL):
Connects to lga15s44-in-f28.1e100.net  (74.125.226.92:443)

TCP (HTTP):
Connects to lga15s43-in-f28.1e100.net  (74.125.226.60:80)

TCP (HTTP):
Connects to lga15s43-in-f27.1e100.net  (74.125.226.59:80)

TCP (HTTP):
Connects to lga15s43-in-f26.1e100.net  (74.125.226.58:80)

TCP (HTTP):
Connects to lga15s34-in-f28.1e100.net  (173.194.43.28:80)

TCP (HTTP):
Connects to lga15s34-in-f27.1e100.net  (173.194.43.27:80)

TCP (HTTP):
Connects to jumptap.com  (209.94.144.19:80)

TCP (HTTP):
Connects to gd.ads.vip.gq1.yahoo.com  (98.137.170.33:80)

TCP (HTTP):
Connects to errserv-21.btrll.com  (162.208.21.166:80)

TCP (HTTP):
Connects to ec2-54-85-206-154.compute-1.amazonaws.com  (54.85.206.154:80)

TCP (HTTP):
Connects to ec2-54-85-189-255.compute-1.amazonaws.com  (54.85.189.255:80)

TCP (HTTP):
Connects to ec2-54-85-113-229.compute-1.amazonaws.com  (54.85.113.229:80)

TCP (HTTP):
Connects to ec2-54-84-210-159.compute-1.amazonaws.com  (54.84.210.159:80)

TCP (HTTP):
Connects to ec2-54-84-169-57.compute-1.amazonaws.com  (54.84.169.57:80)

TCP (HTTP):
Connects to ec2-54-83-24-4.compute-1.amazonaws.com  (54.83.24.4:80)

Scan vmhost.exe - Powered by Reason Core Security