vmprotect_con.exe

VMProtect

Ivan Yurievich Permyakov IP

The application vmprotect_con.exe by Ivan Yurievich Permyakov IP has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
VMProtect Software  (signed by Ivan Yurievich Permyakov IP)

Product:
VMProtect

Version:
2.0.5.5321

MD5:
3da829f7e4b9ba2741fb05492bee247b

SHA-1:
c4bbc60a118951afeabba2f39c72c0097ca35ba2

SHA-256:
705c442e4267750caca7c108922087da381640b7c768695c82f1141a436d1c93

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/30/2024 3:05:59 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.IvanYuri (M)

Engine version:
16.7.8.4

File size:
2.5 MB (2,645,256 bytes)

Product version:
2.05

Copyright:
Copyright 2003-2010 VMProtect Software

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
The USERTRUST Network

Valid from:
4/14/2010 8:00:00 AM

Valid to:
4/15/2011 7:59:59 AM

Subject:
CN=Ivan Yurievich Permyakov IP, O=Ivan Yurievich Permyakov IP, STREET=Uktusskaya ul. 47 office 54, L=Ekaterinburg, S=Sverdlovskaya obl., PostalCode=620144, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
01778B48596E33363F7FB6ECF530E841

File PE Metadata
Compilation timestamp:
5/29/2010 10:01:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.25

CTPH (ssdeep):
49152:YEaghr7BbiusHLArsQoRuhLKRJz30grq8wpym9+hyf0ycfFwAmRe4t:XvbPKLAYQL0zNwzWys9fiA54t

Entry address:
0x5A6987

Entry point:
E9, 1E, 4F, EC, FF, C6, 44, 24, 04, 98, E9, D8, DD, 00, 00, C3, ED, D7, D9, 4B, 55, 6B, 51, 41, D5, 71, 29, 01, B5, 99, 39, 01, F1, D1, B5, A4, 45, E7, 85, A6, 88, E4, 3C, 25, EE, B8, 18, EC, C4, 07, 41, 83, 96, 7D, DD, AB, 15, 5E, C9, D5, 28, 6E, 0E, 0E, 4C, F8, 43, 0E, BB, E1, AC, 7E, 7B, 1B, FF, 27, C6, 25, 8C, 36, 88, A1, 4D, 2B, CB, 4D, DB, 9A, E9, 50, 96, B9, B3, A2, 67, B8, EF, BB, 47, 77, 30, 22, 23, 0B, CA, 8C, AA, F8, C1, 42, 4E, 93, 55, 86, D7, 24, A6, 51, 62, B4, EA, 7E, 40, F8, 1F, C0, 38, F0...
 

Entropy:
7.9942

Packer / compiler:
Xtreme-Protector v1.05

Code size:
5.7 MB (5,991,424 bytes)
