
The dcaa100e21b5ad4e118f3259b392f01141d0e9d07b8b0e217e8dba6811550e3a (Microsoft® Volume Shadow Copy Service) File Analysis

Technical Analysis

File Name dcaa100e21b5ad4e118f3259b392f01141d0e9d07b8b0e217e8dba6811550e3a
File Type Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash 49152:zPK8mJYTerDjfJ2313e1mP1MdnUUkRSuQNW6XleHfYTC:8uQNoHU
Scanner Version 1.0.173.174
Database Version 2024-04-28 13:00:17 UTC

Suspicious File Detected

Detected by 50 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 69%
File Size (bytes) 2,075,136
Engines Detected 50/72
Analysis Date 2024-04-28


File Identification

Hash Type Value
MD5 6be6215bc53438f309ba331434e1a4db
SHA1 4937edaec2c428bd4cb91ee0495ecdd6237c22c1
SHA256 dcaa100e21b5ad4e118f3259b392f01141d0e9d07b8b0e217e8dba6811550e3a
SHA512 653dc3a0609a7a8264fce929faa992bfc4b0d03fd9933d85c99e7938bd4ee5de9fbc0ca2d1766c615054499ec92dfb298aa064795bd18b17107960347a977cc1
ImpHash 0bf1b64af19d0afaccb000f015f48095

Security Engines with Detections (50 of 72)

Engine Detection Verdict
Bkav W64.AIDetectMalware Malicious
AVG Win64:Expiro-AJ [Inf] Malicious
MicroWorld-eScan Win64.Expiro.Gen.7 Malicious
CAT-QuickHeal W32.Expiro.R3 Malicious
Skyhigh BehavesLike.Win64.Expiro.th Malicious
Malwarebytes Virus.M0yv Malicious
Sangfor Trojan.Win32.Save.a Malicious
K7GW Virus ( 0058d9c51 ) Malicious
K7AntiVirus Virus ( 0058d9c51 ) Malicious
Arcabit Win64.Expiro.Gen.7 Malicious
VirIT Win64.Expiro.AJ Malicious
Symantec ML.Attribute.HighConfidence Malicious
Elastic malicious (high confidence) Malicious
ESET-NOD32 a variant of Win64/Expiro.DC Malicious
Cynet Malicious (score: 100) Malicious
APEX Malicious Malicious
Kaspersky Virus.Win64.Moiva.a Malicious
BitDefender Win64.Expiro.Gen.7 Malicious
NANO-Antivirus Virus.Win64.Virut-Gen.bwpxnc Malicious
Avast Win64:Expiro-AJ [Inf] Malicious
Tencent Virus.Win64.VirMoiva.a Malicious
TACHYON Virus/W64.Movia Malicious
Emsisoft Win64.Expiro.Gen.7 (B) Malicious
F-Secure Malware.W32/Infector.Gen Malicious
DrWeb Win32.Expiro.158 Malicious
VIPRE Win64.Expiro.Gen.7 Malicious
TrendMicro Virus.Win64.EXPIRO.SMAJC Malicious
Trapmine malicious.moderate.ml.score Malicious
FireEye Generic.mg.6be6215bc53438f3 Malicious
Sophos W64/Moiva-B Malicious
Ikarus Virus.Win64.Expiro Malicious
Webroot W32.Malware.Gen Malicious
Varist W64/Expiro.AR.gen!Eldorado Malicious
Avira W32/Infector.Gen Malicious
Antiy-AVL Virus/Win64.Expiro.dc Malicious
Microsoft Trojan:Win32/Phonzy.B!ml Malicious
ZoneAlarm Virus.Win64.Moiva.a Malicious
GData Win64.Expiro.Gen.7 Malicious
Google Detected Malicious
AhnLab-V3 Virus/Win.Expiro.X2212 Malicious
Acronis suspicious Malicious
ALYac Win64.Expiro.Gen.7 Malicious
MAX malware (ai score=87) Malicious
Cylance unsafe Malicious
Panda W64/Moyv.A Malicious
Rising Virus.Expiro!1.A140 (CLASSIC) Malicious
SentinelOne Static AI - Malicious PE Malicious
MaxSecure Trojan.Malware.121218.susgen Malicious
Fortinet W64/Expiro.CV Malicious
DeepInstinct MALICIOUS Malicious
22 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x1400170c0
Compilation Time 2033-06-13 06:51:14
Checksum 0x00205d90 (Actual: 0x00205d90)
OS Version 10.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path vssvc.pdb
Digital Signature The PE file does not contain a certificate table.
Imports 48 libraries
Exports 0 functions
Resources 5 Resources
Sections 7 Sections

Version Information

CompanyName Microsoft Corporation
FileDescription Microsoft® Volume Shadow Copy Service
FileVersion 10.0.19041.1741 (WinBuild.160101.0800)
InternalName VSSVC.EXE
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename VSSVC.EXE
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.19041.1741
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 1,012,960 bytes 1,013,248 bytes 6.14 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D3400C1D8B9EF7E4B2F4552F973CD8B5
.rdata 0x000f9000 425,056 bytes 425,472 bytes 4.39 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 9B80591AD0AF412FF59E0A1011CA325E
.data 0x00161000 5,600 bytes 1,536 bytes 2.80 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3D79F27F535099EA42C4C9ED71B0AFEE
.pdata 0x00163000 30,828 bytes 31,232 bytes 6.11 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 33BB015272D110285720EE291DFF5EEF
.didat 0x0016b000 336 bytes 512 bytes 1.89 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 40F01F1523B4118659ECCF43D92B49B9
.rsrc 0x0016c000 20,288 bytes 20,480 bytes 4.51 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 91F3AA24C66C5128950DEC2DC588C71E
.reloc 0x00171000 585,728 bytes 581,632 bytes 7.90 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 10B8540262A2BE89D7D0E96DADB2EC00
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 5 (19,890 bytes)
Resource Type Count Total Size Percentage
MUI 1 224 bytes 1.1%
TYPELIB 2 18,040 bytes 90.7%
RT_VERSION 1 944 bytes 4.7%
RT_MANIFEST 1 682 bytes 3.4%

Certificate Chain Analysis

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Proactive Protection
50 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
