» vmprotect_con.exe
Overview
Analysis
File Details

vmprotect_con.exe

VMProtect

Ivan Yurievich Permyakov IP

The application vmprotect_con.exe by Ivan Yurievich Permyakov IP has been detected as adware by 10 anti-malware scanners.

File name:

vmprotect_con.exe

Publisher:

VMProtect Software (signed by Ivan Yurievich Permyakov IP)

Product:

VMProtect

Version:

2.1.2.6196

MD5:

f8c6731a5598c85fe0e80539820e5d73

SHA-1:

ce558c1105c35f7d8d9efa81739fcaee4cc1ec0a

SHA-256:

5d6afc17423bf8c6f5afeab7312cf1f702cadb9e300e8063174ed93fb96ce208

Scanner detections:

10 / 68

Status:

Adware

Analysis date:

4/18/2024 12:09:33 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Black.Gen2

7.11.145.244

AVG

Win32/Blacked

2015.0.3483

Comodo Security

UnclassifiedMalware

18181

ESET NOD32

Win32/Packed.VMProtect.ABD (variant)

8.9732

IKARUS anti.virus

VirTool.Win32.Obfuscator

t3scan.1.6.1.0

K7 AntiVirus

Trojan

13.176.11907

McAfee

Artemis!F8C6731A5598

5600.7139

NANO AntiVirus

Trojan.Win32.Black.cumktx

0.28.0.59608

Reason Heuristics

PUP.IvanYurievichPermyakovIP

15.2.14.11

Sophos

Mal/VMProtBad-A

4.98

File size:

4.7 MB (4,880,032 bytes)

Product version:

2.11

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\vmprotect ultimate\vmprotect_con.exe

Digital Signature

Signed by:

Ivan Yurievich Permyakov IP

Authority:

COMODO CA Limited

Valid from:

3/26/2012 8:00:00 PM

Valid to:

3/27/2013 7:59:59 PM

Subject:

CN=Ivan Yurievich Permyakov IP, O=Ivan Yurievich Permyakov IP, STREET="8 Marta str, 194-236", L=Ekaterinburg, S=Sverdlovskaya oblast, PostalCode=620144, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

4A7C90ECFD30D2E76C561C688CF7613F

File PE Metadata

Compilation timestamp:

9/30/2012 9:26:52 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

2.25

CTPH (ssdeep):

98304:m93Hf2bATQHaz1c3c16YG3kOI9WeXiSTeRN3JXWJyg4MXb2gukFZxNE:e2Fe1c3cxGJIoYt6RBJwAMyCZ4

Entry address:

0xA8D478

Entry point:

60, C7, 44, 24, 1C, 37, 24, 3B, 03, 60, 8D, 64, 24, 3C, 0F, 8C, 93, 9F, B7, FF, 68, 52, 80, F9, FB, 68, 80, 5F, 32, 65, 8D, 64, 24, 04, E9, 60, 66, 00, 00, 35, 98, A3, B3, 48, 5D, 64, D6, 56, 58, 39, 2E, E0, 7A, A8, 6E, 0D, 50, 12, 4F, 8B, A7, 34, 46, FD, 1C, A6, B8, 2B, C7, 94, 0E, 4D, 2D, EE, 90, D3, FB, 84, 82, 00, 07, 55, B9, 5F, 51, A3, A0, 30, EF, 07, A5, 69, 7F, C1, CE, 14, 1C, C7, 35, 7A, 94, D8, F7, 21, 4D, 93, AE, 1F, 9C, B2, D4, D6, D7, 7C, 25, BE, A4, BF, 83, 4E, B8, B3, FF, A2, 19, DD, D7, 59... 
[+]

Entropy:

7.9974 (probably packed)

Code size:

1.4 MB (1,456,640 bytes)

Remove vmprotect_con.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.