Summary | ZeroBOX

pb1105.exe

Tags: VMProtect, Malicious Library, PE64, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Dec. 8, 2022, 4:22 p.m.
Completed: Dec. 8, 2022, 4:24 p.m.
Size: 3.5MB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: ec7b5f5ae9b483d08fcbbe0d1f02752d
SHA256: 38bd43cab9e6f0ac78c43b4277805dd3c6643ce5d119497ce06122acbf3e7d30
CRC32: 3ED7D814
ssdeep: 49152:dbrlG3UY0v7ml0aq3bVmSd6EqGLKVw9qvDbHepLb6jyhR9lKufDQ2sREpW3ez++w:Frlcl0dRdd7LKQ83eNbhhRqnD
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

PE sections: _RDATA, .vmp0, .vmp1
Time & API / Arguments / Status / Return / Repeated

__exception__
  stacktrace: (empty)
  exception.symbol: (empty)
  exception.exception_code: 0xc0000005
  exception.address: 0x0
  registers.r14: 1244320
  registers.r15: 0
  registers.rcx: 260
  registers.rsi: 1244288
  registers.r10: 3221225785
  registers.rbx: 1243984
  registers.rsp: 1243848
  registers.r11: 514
  registers.r8: 2003566592
  registers.r9: 958
  registers.rdx: 1244320
  registers.r12: 15
  registers.rbp: 1244112
  registers.rdi: 0
  registers.rax: 0
  registers.r13: 4096
  Status: 1  Return: 0  Repeated: 0
section .vmp1 (virtual_address 0x0029d000, virtual_size 0x00378f30, size_of_data 0x00379000, entropy 7.800921040551726): A section with a high entropy has been found
entropy 0.999859412344: Overall entropy of this PE file is high
section .vmp0: Section name indicates VMProtect
section .vmp1: Section name indicates VMProtect
FireEye Generic.mg.ec7b5f5ae9b483d0
Cylance Unsafe
Cyren W64/VMProtect.DM.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.VMProtect.L suspicious
APEX Malicious
Kaspersky Trojan.Win32.Fabookie.auw
Avast Win64:Evo-gen [Trj]
F-Secure Heuristic.HEUR/AGEN.1210601
McAfee-GW-Edition BehavesLike.Win64.CoinMiner.wc
Trapmine suspicious.low.ml.score
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Suspicious PE
Google Detected
Avira HEUR/AGEN.1210601
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm Trojan.Win32.Fabookie.auw
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.R536217
Acronis suspicious
Malwarebytes Trojan.Packed.VMP
Rising Trojan.Fabookie!8.11C3D (TFE:5:mWGo1POf65L)
Ikarus Trojan.Win64.Agent
Fortinet W64/VMProtect.EEF8!tr
AVG Win64:Evo-gen [Trj]