vmprotect.exe

VMProtect

Ivan Yurievich Permyakov IP

The application vmprotect.exe by Ivan Yurievich Permyakov IP has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
VMProtect Software  (signed by Ivan Yurievich Permyakov IP)

Product:
VMProtect

Version:
2.1.3.6231

MD5:
f710fcdc7bfda491532ec31b415c88e5

SHA-1:
61b73b15dc11b7832233026a213b109ee69dbf7b

SHA-256:
19c99c87804764f32f600e88ec6900e9faeb5b5077e420935a8724812072255a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/5/2024 5:21:19 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP (M) | 16.7.25.21

File size:
5.7 MB (5,933,640 bytes)

Product version:
2.13

Copyright:
Copyright 2003-2013 VMProtect Software

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\vmprotect ultimate\vmprotect.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/10/2013 8:00:00 AM

Valid to:
4/11/2014 7:59:59 AM

Subject:
CN=Ivan Yurievich Permyakov IP, O=Ivan Yurievich Permyakov IP, STREET="8 Marta str., 194-236", L=Ekaterinburg, S=-, PostalCode=620144, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4E507DE5ED3C00304FE45A6D02994E66

File PE Metadata
Compilation timestamp:
9/21/2013 3:06:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:s6ukR+uCEDw4YpJtmi78+bGYl1LMcB1fuEP2p/kRV4LqTnmwjgaQvn0jCKO06BiB:sSR+uPYpL1LMm1WI29iVPTnmwkNP0Flz

Entry address:
0xD46215

Entry point:
50, 9C, 88, 34, 24, C7, 44, 24, 04, BA, 8E, 2A, FF, E8, E5, 8B, C1, FF, E9, 73, 69, AF, FF, 14, F3, B4, 1D, D6, 9F, 0D, 09, E2, 77, 26, 04, 4C, C9, 69, 0B, C0, 89, AC, F8, 99, 21, C7, D5, C5, D9, 06, DC, A0, 2A, 26, FF, A0, 47, EA, BD, E4, 52, 2A, 3E, DF, D1, 95, A3, C6, 9C, 3D, 83, AA, 18, 31, 38, D9, F3, 32, 00, D0, B5, 17, B6, 11, 96, 37, 93, E2, C3, F1, D9, 5E, 18, 62, 01, 11, D3, CA, 47, 05, 80, A1, 41, A3, AB, C2, E3, 31, BF, 3F, EC, 92, D2, 6A, 08, F4, F0, B2, 22, C4, 4D, 16, 9B, 44, DD, 46, 9E, C2...

Entropy:
7.9981  (probably packed)

Code size:
2.9 MB (3,075,584 bytes)
