vmprotect.exe

VMProtect

Ivan Yurievich Permyakov IP

The application vmprotect.exe by Ivan Yurievich Permyakov IP has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
VMProtect Software  (signed by Ivan Yurievich Permyakov IP)

Product:
VMProtect

Version:
2.0.5.5321

MD5:
34c0a7552c8d62f34912f5123909c99f

SHA-1:
e35911b35868521e04d0cd99e2d622f9fcce2cb5

SHA-256:
36d495165a1e9d0e0a8d6b13f9cc06c64ed160fa25c400dd192c0575e9026adc

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/30/2024 7:44:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.IvanYuri (M)

Engine version:
16.7.8.4

File size:
3.6 MB (3,742,472 bytes)

Product version:
2.05

Copyright:
Copyright 2003-2010 VMProtect Software

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
The USERTRUST Network

Valid from:
4/14/2010 8:00:00 AM

Valid to:
4/15/2011 7:59:59 AM

Subject:
CN=Ivan Yurievich Permyakov IP, O=Ivan Yurievich Permyakov IP, STREET=Uktusskaya ul. 47 office 54, L=Ekaterinburg, S=Sverdlovskaya obl., PostalCode=620144, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
01778B48596E33363F7FB6ECF530E841

File PE Metadata
Compilation timestamp:
5/29/2010 10:00:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:FQ1ltbZokeL4VjRiNuQYhJcNr6WU0ulV9us5KNEFODKP:6OLXNu1cEWUTfZpFOmP

Entry address:
0x8FCD78

Entry point:
E8, C4, C3, 03, 00, 00, 6A, E2, 14, ED, 31, C9, E0, 0C, 86, B6, 75, 6B, 8F, 03, 8A, 1A, 6E, 59, C3, 83, 9D, D1, 26, 4A, 8F, 6E, F9, EB, B5, CB, D6, 6B, F2, C7, E4, 7B, 0F, 68, 29, 35, 83, E3, EA, 2B, 32, 45, 2F, 51, 1A, 33, E8, 0F, AA, C2, 8D, 14, 9F, C6, A7, 5C, 04, D6, B0, 0A, 8B, 0A, 3E, 2F, A8, BB, 92, FA, BA, 52, DD, 9B, CB, 8C, 09, E0, 20, 97, 1E, 4F, 62, 4C, F8, 35, C5, 47, 22, 60, A5, A8, 4D, 91, BD, 91, D5, 25, 8C, 09, 03, 86, 2D, 10, E2, 0C, 06, BB, 96, 46, C0, 24, 99, 43, F9, A3, B6, 27, E1, A2...
 

Entropy:
7.9950  (probably packed)

Code size:
9.2 MB (9,683,456 bytes)
