vmprotect.exe

VMProtect

Ivan Yurievich Permyakov IP

The application vmprotect.exe by Ivan Yurievich Permyakov IP has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from www.iammaddog.ru.
Publisher:
VMProtect Software  (signed by Ivan Yurievich Permyakov IP)

Product:
VMProtect

Version:
2.1.3.6231

MD5:
69086844372f48c0f09130752e0e36cb

SHA-1:
09f2a17a57c14567f17937abb2bf4af840d0c84c

SHA-256:
c9218665930c5fbdbd30519886ffc9c549ce5949f28118dea23a0495cfb74333

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/1/2024 5:49:17 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.IvanYurievichPermyakovIP

Engine version:
15.2.14.11

File size:
5.6 MB (5,876,808 bytes)

Product version:
2.13

Copyright:
Copyright 2003-2013 VMProtect Software

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vmprotect.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/10/2013 2:00:00 AM

Valid to:
4/11/2014 1:59:59 AM

Subject:
CN=Ivan Yurievich Permyakov IP, O=Ivan Yurievich Permyakov IP, STREET="8 Marta str., 194-236", L=Ekaterinburg, S=-, PostalCode=620144, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4E507DE5ED3C00304FE45A6D02994E66

File PE Metadata
Compilation timestamp:
9/21/2013 9:06:36 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:mL4IkwWcuUrLgTsyqJJ+rupiGgF6fXuntmiMn63zlaMQ7nAwg8LUZiaElvYMN0iJ:5wWqOsjPOGwuCw63zleb4ZiXlAMV

Entry address:
0x8CE070

Entry point:
9C, E8, 18, 76, EF, FF, 2C, 72, 4D, AD, 87, 88, 6E, 97, 10, 7A, C9, 0E, A0, 8B, 07, F0, CC, 14, AB, 13, 44, 56, 45, AF, 90, F5, 03, EF, 80, 8C, FF, 46, E6, 4F, 99, 2D, 57, FE, BC, BB, 92, 6C, 84, ED, F5, 04, 4E, 63, E0, 24, 5B, 2C, 92, 70, 82, 54, DE, AA, 7D, 64, 04, 6F, E8, B1, 90, FC, 70, 91, FA, 67, 04, D1, 5E, CD, B6, 84, 19, 05, B9, 74, DE, C8, C0, 01, 60, F5, 90, 8D, 23, B0, B0, 45, 46, 96, 04, D1, 5E, DF, F8, 66, 37, D0, EF, 06, 54, D5, EC, B3, 63, D4, 06, FD, 14, FE, 64, 4D, F1, 6D, 44, B4, 95, 6C...
 

Code size:
2.8 MB (2,944,512 bytes)

The file vmprotect.exe has been seen being distributed by the following URL.
