vmprotect.exe

VMProtect

Ivan Yurievich Permyakov IP

The application vmprotect.exe by Ivan Yurievich Permyakov IP has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
VMProtect Software  (signed by Ivan Yurievich Permyakov IP)

Product:
VMProtect

Version:
2.1.2.6186

MD5:
5642d6461054c769b276c9675cfb298a

SHA-1:
6f550e66a59735396f2ebae0dca68fbd552abbf9

SHA-256:
5825f3c2848049d6915d2feed71642906cf5a05342cb2586c572f4f6a8df8247

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/24/2024 1:57:14 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.IvanYurievichPermyakovIP

Engine version:
15.2.14.11

File size:
5.6 MB (5,850,784 bytes)

Product version:
2.11

Copyright:
Copyright 2003-2012 VMProtect Software

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\vmprotect ultimate\vmprotect.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/27/2012 3:00:00 AM

Valid to:
3/28/2013 1:59:59 AM

Subject:
CN=Ivan Yurievich Permyakov IP, O=Ivan Yurievich Permyakov IP, STREET="8 Marta str, 194-236", L=Ekaterinburg, S=Sverdlovskaya oblast, PostalCode=620144, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4A7C90ECFD30D2E76C561C688CF7613F

File PE Metadata
Compilation timestamp:
6/12/2012 7:07:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:OYO50MEMcCttnm3yvF4/qA9jkZTtl0bI6G3597aAd2NyfVJbFwxueELYcCFVsuHU:KncCqu4iIjkZTtb2AdZaxBcCFVd0

Entry address:
0x81CD34

Entry point:
9C, E8, 4F, D0, 08, 00, 7C, 83, 9D, 6A, A9, 35, 74, 2C, 11, 42, 8D, AA, E5, 72, CD, B7, 88, 0C, 33, 31, 5E, CD, 32, 5A, E5, B3, 8C, F4, 4B, 15, 74, 69, 96, A2, 7E, D0, 9D, DA, 47, AE, 5D, 89, 6E, DD, 62, D6, 50, AC, 7A, D6, 91, A3, 14, BF, 75, 8A, AA, 5C, 3E, E0, 84, 63, 54, CA, 4A, 6E, 88, 21, 4C, C8, F5, 67, 0B, EB, 3B, B3, 3B, 10, 99, 96, 7B, 38, 0A, 1E, 03, F5, 11, 9D, F8, 28, 9F, 4D, AB, 89, DF, 1A, 39, 41, 57, AC, E4, 96, 2C, CC, 5B, C9, DC, BB, 7A, 00, BB, 3F, 56, BD, E3, 0D, D2, DD, 91, 00, F5, 4C...
 

Code size:
2.9 MB (3,070,464 bytes)
