vmserve.exe

Hongkong zoekyu Technology Limited

The application vmserve.exe by Hongkong zoekyu Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “vmserve Update”.
Publisher:
Hongkong zoekyu Technology Limited  (signed and verified)

MD5:
7073e447916f643b72c99ec72bfefbf5

SHA-1:
9b5820dd0a1377ad6d138b2650788a1c04851950

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
2/24/2025 10:46:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yessearches.Hongkong.Meta (M)

Engine version:
16.4.29.23

File size:
460.2 KB (471,290 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common update\vmserve update\vmserve.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
8/30/2015 10:52:51 PM

Valid to:
8/30/2016 10:52:51 PM

Subject:
CN=Hongkong zoekyu Technology Limited, O=Hongkong zoekyu Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A7482C0A326B72D75AEE1323E44001AB

File PE Metadata
Compilation timestamp:
1/6/2016 6:55:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:oI6x0WKNh6ZAVJUnEYWUVLS+QcR2rksjNBxbR:vzWKNfUnhHVhQqOnxbR

Entry address:
0x4E000

Entry point:
B9, E6, 87, 08, 00, BF, 14, E0, 44, 00, BA, C4, 06, 00, 00, 31, 0C, 3A, 83, EA, 03, 4A, 75, F7, 0E, FA, 09, 00, E6, 87, 08, 00, E6, 87, 48, 00, E2, 2C, 09, 00, BE, FF, 0C, 00, 1C, 07, 0C, 00, E6, 37, 0A, 00, E7, 87, 08, 00, 9E, D7, 4B, 00, 7A, 99, 4C, 00, 6A, 99, 4C, 00, 42, 85, 0C, 00, 7C, 99, 0C, 00, 6C, 99, 0C, 00, 9E, BF, 0B, 00, 7C, 99, 0C, 00, 6C, 99, 0C, 00, E6, 87, 08, 00, E6, 87, 08, 00, E6, 87, 08, 00, E6, 87, 08, 00, 8A, D6, 4B, 00, E6, 87, 08, 00, E6, 87, 08, 00, E6, 87, 08, 00, E6, 87, 08, 00...
 

Entropy:
7.2492

Code size:
205 KB (209,920 bytes)

Service
Display name:
vmserve Update

Service name:
vmserve

Description:
Enables the download and installation of vmserve updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the vmserve Update Web site.

Type:
Win32OwnProcess, InteractiveProcess

