15c2c5563ecce2750920903749ce86e7
Summary
| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2020-Dec-17 20:38:59 |
| Detected languages |
English - United States
|
| Debug artifacts |
d:\build\ob\bora-17337674\bora-vmsoft\build\release-x64\tools-for-windows\Win32\services\vmtoolsd\vmtoolsd.pdb
|
| CompanyName | VMware, Inc. |
| FileDescription | VMware Tools Core Service |
| FileVersion | 11.2.5.26209 |
| InternalName | vmtoolsd |
| LegalCopyright | Copyright © 1998-2021 VMware, Inc. |
| OriginalFilename | vmtoolsd.exe |
| ProductName | VMware Tools |
| ProductVersion | 11.2.5 build-17337674 |
Plugin Output
| Info | Matching compiler(s): | MASM/TASM - sig1(h) |
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
Looks for VMWare presence:
|
| Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: VMware
Issuer: DigiCert Assured ID Code Signing CA-1 |
| Safe | VirusTotal score: 0/67 (Scanned on 2021-08-31 22:44:02) | All the AVs think this file is safe. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x120 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 6 |
| TimeDateStamp | 2020-Dec-17 20:38:59 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Image Optional Header
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0xa800 |
| SizeOfInitializedData | 0xd000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000000000000A3B0 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x1c000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x1bf0f |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.pdata
.rsrc
.reloc
Imports
| ADVAPI32.dll |
AllocateAndInitializeSid
FreeSid InitializeSecurityDescriptor SetSecurityDescriptorDacl SetSecurityDescriptorOwner SetEntriesInAclW RegCloseKey RegNotifyChangeKeyValue RegOpenKeyExW DeregisterEventSource RegisterEventSourceW ReportEventW RegCreateKeyW RegSetValueExW CloseServiceHandle CreateServiceW DeleteService OpenSCManagerW OpenServiceW RegisterServiceCtrlHandlerExW SetServiceStatus StartServiceCtrlDispatcherW |
|---|---|
| ole32.dll |
CoUninitialize
|
| USER32.dll |
GetDesktopWindow
RegisterDeviceNotificationW UnregisterDeviceNotification MessageBoxW GetWindowLongPtrW GetSystemMetrics DestroyWindow CreateWindowExW UnregisterClassW TranslateMessage DispatchMessageW PeekMessageW DefWindowProcW RegisterClassW SetWindowLongPtrW |
| VERSION.dll |
GetFileVersionInfoW
VerQueryValueW GetFileVersionInfoSizeW |
| intl.dll |
libintl_gettext
|
| glib-2.0.dll |
g_malloc
g_main_context_unref g_main_context_default g_main_loop_new g_main_loop_run g_main_loop_unref g_source_remove g_timeout_add g_key_file_new g_key_file_free g_key_file_get_keys g_strdup_printf g_strfreev g_strcmp0 g_array_new g_cond_wait g_array_append_vals g_ptr_array_new g_ptr_array_free g_ptr_array_remove_index g_mutex_clear g_ptr_array_add g_ptr_array_sort g_dir_open g_dir_read_name g_dir_close g_strchomp g_build_filename g_win32_error_message g_option_group_set_error_hook g_option_context_get_main_group g_get_monotonic_time g_source_destroy g_cond_wait_until g_cond_signal g_snprintf g_atomic_int_add g_atomic_int_set g_key_file_get_boolean g_thread_pool_set_max_idle_time g_option_context_parse g_main_loop_quit g_thread_pool_set_max_unused_threads g_mutex_lock g_thread_pool_push g_thread_pool_free g_thread_pool_new g_stat g_queue_delete_link g_queue_remove g_queue_pop_tail g_queue_push_head g_queue_find_custom g_queue_free g_main_loop_is_running g_queue_new g_key_file_get_integer g_rand_int_range g_rand_free g_rand_new g_idle_add_full g_mutex_unlock g_key_file_load_from_file g_file_test g_main_loop_get_context g_array_free g_source_unref g_source_attach g_source_set_callback g_idle_add g_log g_logv g_malloc0 g_str_has_prefix g_clear_error g_file_get_contents g_free g_print g_printerr g_option_context_new g_option_context_set_summary g_option_context_free g_mutex_init g_thread_join g_thread_try_new g_ptr_array_remove g_strdup g_str_has_suffix g_return_if_fail_warning g_option_context_add_main_entries |
| gmodule-2.0.dll |
g_module_open
g_module_symbol g_module_make_resident g_module_error g_module_close |
| gobject-2.0.dll |
g_object_notify
g_object_class_install_property g_signal_new g_cclosure_marshal_VOID__POINTER g_type_check_class_cast g_type_check_instance_cast g_type_register_static g_type_class_peek_parent g_value_get_boolean g_object_unref g_object_get g_object_set g_object_new g_signal_connect_data g_signal_lookup g_type_init g_signal_emit_by_name g_param_spec_pointer g_value_set_uint g_value_get_uint g_value_set_pointer g_value_peek_pointer g_value_get_pointer g_signal_parse_name g_value_set_boolean |
| vmtools.dll |
Win32U_RegQueryValueEx
Win32U_RegOpenKeyEx GuestStoreClient_GetContent VMTools_ConfigGetBoolean VMTools_CompareConfig File_MakeSafeTemp File_UnlinkIfExists BackdoorChannel_New VMTools_CreateTimer RpcChannel_New RpcChannel_SetRetVals RpcChannel_Setup StrUtil_GetNextToken GuestApp_GetConfPath GuestApp_GetInstallPath RpcChannel_RegisterCallback Win32U_FormatMessage Win32U_SetEnvironmentVariable Win32U_GetEnvironmentVariable GuestStoreClient_DeInit GuestStoreClient_Init RpcChannel_Send RpcChannel_Start Str_Snwprintf VMTools_SuspendLogIO VMTools_WriteConfig VMTools_ConfigGetInteger VMTools_AddConfig VMTools_LoadConfig VMTools_GetString VmCheck_IsVirtualWorld Str_SafeAsprintf RpcChannel_SendOne VMTools_BindTextDomain VMTools_TeardownVmxGuestLog VMTools_SetupVmxGuestLog Str_Wcscpy VMTools_UseVmxGuestLog Str_Vaswprintf VMTools_ConfigLogging Str_SafeVaswprintf Str_Aswprintf Hostinfo_GetOSType CodeSet_Utf8ToUtf16le Unicode_InitW Panic RpcChannel_Destroy RpcChannel_Stop VMTools_NewHandleSource Str_Vasprintf VMTools_AttachConsole VMTools_ResumeLogIO vm_free VMTools_ConfigGetString |
| KERNEL32.dll |
CloseHandle
GetLastError SetErrorMode SetEvent WaitForSingleObject CreateEventW GetCurrentProcess GetCurrentThread SetThreadPriority SetPriorityClass GetModuleHandleW GetProcAddress LocalFree SetDllDirectoryW VerifyVersionInfoW SetConsoleCtrlHandler OpenEventW SetLastError ResetEvent WaitForMultipleObjects LocalAlloc OutputDebugStringA OutputDebugStringW FreeLibrary GetModuleFileNameW LoadLibraryW RtlCaptureContext RtlLookupFunctionEntry VerSetConditionMask RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent |
| VCRUNTIME140.dll |
__std_exception_copy
__C_specific_handler __CxxFrameHandler3 __std_exception_destroy _purecall strchr memset _CxxThrowException |
| api-ms-win-crt-heap-l1-1-0.dll |
free
_set_new_mode _callnewh malloc |
| api-ms-win-crt-runtime-l1-1-0.dll |
_c_exit
_errno strerror _seh_filter_exe _set_app_type _configure_wide_argv _initialize_wide_environment _get_initial_wide_environment _initterm _initterm_e _exit __p___argc __p___wargv _cexit _register_thread_local_exe_atexit_callback _initialize_onexit_table _register_onexit_function _crt_atexit terminate exit |
| api-ms-win-crt-locale-l1-1-0.dll |
_configthreadlocale
setlocale |
| api-ms-win-crt-string-l1-1-0.dll |
strncmp
_wcsicmp strcmp |
| api-ms-win-crt-stdio-l1-1-0.dll |
_close
__stdio_common_vswprintf __p__commode __acrt_iob_func __stdio_common_vfwprintf _set_fmode |
| api-ms-win-crt-math-l1-1-0.dll |
__setusermatherr
|
Delayed Imports
1
1 (#2)
101
1 (#3)
1 (#4)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 11.2.5.26209 |
| ProductVersion | 11.2.5.26209 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | English - United States |
| CompanyName | VMware, Inc. |
| FileDescription | VMware Tools Core Service |
| FileVersion (#2) | 11.2.5.26209 |
| InternalName | vmtoolsd |
| LegalCopyright | Copyright © 1998-2021 VMware, Inc. |
| OriginalFilename | vmtoolsd.exe |
| ProductName | VMware Tools |
| ProductVersion (#2) | 11.2.5 build-17337674 |
| Resource LangID | English - United States |
|---|
IMAGE_DEBUG_TYPE_CODEVIEW
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2020-Dec-17 20:38:59 |
| Version | 0.0 |
| SizeofData | 135 |
| AddressOfRawData | 0x10b4c |
| PointerToRawData | 0xf74c |
| Referenced File | d:\build\ob\bora-17337674\bora-vmsoft\build\release-x64\tools-for-windows\Win32\services\vmtoolsd\vmtoolsd.pdb |
IMAGE_DEBUG_TYPE_VC_FEATURE
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2020-Dec-17 20:38:59 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x10bd4 |
| PointerToRawData | 0xf7d4 |
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2020-Dec-17 20:38:59 |
| Version | 0.0 |
| SizeofData | 692 |
| AddressOfRawData | 0x10be8 |
| PointerToRawData | 0xf7e8 |
TLS Callbacks
Load Configuration
| Size | 0x100 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x140015078 |
| GuardCFCheckFunctionPointer | 5368760808 |
| GuardCFDispatchFunctionPointer | 0 |
| GuardCFFunctionTable | 0 |
| GuardCFFunctionCount | 0 |
| GuardFlags | (EMPTY) |
| CodeIntegrity.Flags | 0 |
| CodeIntegrity.Catalog | 0 |
| CodeIntegrity.CatalogOffset | 0 |
| CodeIntegrity.Reserved | 0 |
| GuardAddressTakenIatEntryTable | 0 |
| GuardAddressTakenIatEntryCount | 0 |
| GuardLongJumpTargetTable | 0 |
| GuardLongJumpTargetCount | 0 |
RICH Header
| XOR Key | 0xaa901743 |
|---|---|
| Unmarked objects | 0 |
| Imports (VS2008 SP1 build 30729) | 12 |
| Imports (VS 2015/2017 runtime 26706) | 2 |
| 199 (41118) | 1 |
| Imports (VS2017 v15.8.4 compiler 26729) | 8 |
| Imports (VS2019 Update 2 (16.2) compiler 27905) | 2 |
| ASM objects (VS 2015/2017 runtime 26706) | 2 |
| C++ objects (VS 2015/2017 runtime 26706) | 25 |
| C objects (VS 2015/2017 runtime 26706) | 10 |
| Imports (VS2015/2017 runtime 25711) | 11 |
| Total imports | 309 |
| C objects (VS2017 v15.8.4 compiler 26729) | 10 |
| C++ objects (VS2017 v15.8.4 compiler 26729) | 2 |
| Resource objects (VS2017 v15.8.4 compiler 26729) | 1 |
| 151 | 1 |
| Linker (VS2017 v15.8.4 compiler 26729) | 1 |