vmprotect_con.exe

VMProtect

Ivan Yurievich Permyakov IP

The application vmprotect_con.exe by Ivan Yurievich Permyakov IP has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
VMProtect Software  (signed by Ivan Yurievich Permyakov IP)

Product:
VMProtect

Version:
2.1.3.6231

MD5:
43f8fac8d76f405b51cf19120d0476f5

SHA-1:
6fe18c4577f2a02d91ab370fdc28218d495c5712

SHA-256:
61a2b92c8d3c5361bd3b813186dd0cb299d9df5edaa16444c7b71a2c0cb253a9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/5/2024 3:36:47 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.9.3.0

File size:
4.4 MB (4,579,912 bytes)

Product version:
2.13

Copyright:
Copyright 2003-2013 VMProtect Software

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\vmprotect professional\vmprotect_con.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/10/2013 2:00:00 AM

Valid to:
4/11/2014 1:59:59 AM

Subject:
CN=Ivan Yurievich Permyakov IP, O=Ivan Yurievich Permyakov IP, STREET="8 Marta str., 194-236", L=Ekaterinburg, S=-, PostalCode=620144, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4E507DE5ED3C00304FE45A6D02994E66

File PE Metadata
Compilation timestamp:
9/21/2013 9:06:19 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.25

CTPH (ssdeep):
98304:KrmZJ31oPJYpcYPmM5f0NTwTqv7WUwSsSUF10axAYnnDBH387WBoP:bOzAKTa07XRstF1HxAwS7W6

Entry address:
0x5B53F9

Entry point:
E9, A0, 06, 00, 00, 2E, 49, 50, AC, 69, 90, E1, 49, D4, 2A, 02, FC, 3B, E9, 30, D5, 27, E2, C7, 5B, 48, 6E, 66, A7, 06, 8D, 30, 4E, 42, 17, CF, E3, 46, 73, 9E, 82, D2, 17, AA, F9, 04, 82, 0C, 58, 49, 5D, C2, 07, 61, 5A, 83, A1, CA, D6, A1, EB, 2C, 51, 42, 32, 3E, B9, 78, C9, DA, D0, BC, 89, 28, 47, AF, ED, F2, 2A, 47, 3D, F0, 31, D8, 14, 21, 17, 32, 28, 61, 5F, 9E, 8C, CD, B3, 72, 97, 4A, 7F, CA, C8, 61, 8D, 00, 39, 70, EC, EF, 3A, A6, 45, 16, 8A, 60, A2, F7, 36, 1C, 79, E5, F3, B6, B3, 4B, 0E, 5D, 50, CC...
 

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.4 MB (1,423,360 bytes)
