Summary | ZeroBOX

11wY50tpm.exe

VMProtect Malicious Library Downloader PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Oct. 21, 2024, 5:03 p.m.
Completed Oct. 21, 2024, 5:06 p.m.
Size 5.5MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 3b38690db145fd74d4d52bab2ac78074
SHA256 6ba760d9873a0a77cf08fedee79a22656ed88edef185bbfac3418c2992d2dab1
CRC32 B7FCAAA9
ssdeep 98304:aUsCzX5IW9GHi1UNQ3tNBHiIC1w49rY+4z4qZcfNl2o1l1HiO9Yz6Jy3XR:Rsp2GH+UNQTBQ1Hs4q0YozBimYmsh
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .vmp0
section .vmp1
section .vmp1 (size_of_data 0x00587200, virtual_address 0x00400000, virtual_size 0x00587160, entropy 7.909737290013097) entropy 7.90973729001 description A section with a high entropy has been found
entropy 0.999823368365 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
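The three signature lines above are static indicators that can be recomputed from the file on disk. The per-section record (size_of_data, virtual_address, virtual_size, entropy) reports Shannon entropy over the section's raw bytes, while the separate "entropy 0.999823368365" line is best read not as bits per byte but as the fraction of section bytes that sit inside high-entropy sections; that reading is consistent with a file whose 0x587200-byte .vmp1 section holds almost all of the 5.5 MB. The block below is an added example, not code from the ZeroBOX report or from the sandbox: a minimal PE section-table parser that recomputes those indicators. The thresholds (6.8 bits per byte for a section, 0.2 for the overall fraction) are assumptions, since the page shows only the outcomes, and the input is a constructed PE32+ image with .text, .vmp0 and .vmp1 sections, not the analysed sample.

```python
"""Recompute the static packer indicators from the sandbox summary: VMProtect
section names, per-section Shannon entropy and the fraction of section bytes
that live in high-entropy sections. Hand-written parser, no third-party deps."""
import math
import struct
from typing import Dict, List, Tuple

# Assumptions: the report shows outcomes, not the cut-offs it applied.
SECTION_ENTROPY_THRESHOLD = 6.8    # bits per byte; above this a section is flagged
OVERALL_FRACTION_THRESHOLD = 0.2   # fraction of section bytes in flagged sections
VMPROTECT_SECTION_PREFIX = ".vmp"  # .vmp0 / .vmp1 are the names in the report


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input (virtual-only sections)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_pe64(pe: bytes) -> bool:
    """IsPE64: optional-header magic 0x20B marks a PE32+ image."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    return struct.unpack_from("<H", pe, e_lfanew + 4 + 20)[0] == 0x20B


def parse_sections(pe: bytes) -> List[Dict]:
    """Walk the COFF section table; return name, sizes, RVA and entropy per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_opt                      # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        data = pe[raw_ptr:raw_ptr + raw_size]         # raw bytes only; virtual-only sections are empty
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": va,
            "size_of_data": raw_size, "entropy": shannon_entropy(data),
        })
    return sections


def packer_indicators(pe: bytes) -> Dict:
    """Emit the same three kinds of finding the report lists, for any PE."""
    findings, total, flagged = [], 0, 0
    for s in parse_sections(pe):
        if s["name"].startswith(VMPROTECT_SECTION_PREFIX):
            findings.append(f"section {s['name']}: Section name indicates VMProtect")
        total += s["size_of_data"]
        if s["entropy"] > SECTION_ENTROPY_THRESHOLD:
            flagged += s["size_of_data"]
            findings.append(f"section {s['name']} entropy {s['entropy']:.4f}: "
                            "A section with a high entropy has been found")
    overall = flagged / total if total else 0.0       # fraction, not bits per byte
    if overall > OVERALL_FRACTION_THRESHOLD:
        findings.append(f"entropy {overall:.6f}: Overall entropy of this PE file is high")
    return {"is_pe64": is_pe64(pe), "overall": overall, "findings": findings}


def build_sample_pe(sections: List[Tuple[bytes, bytes]]) -> bytes:
    """Constructed input: a minimal, non-runnable PE32+ with the given (name, raw bytes) sections."""
    e_lfanew, file_align = 0x40, 0x200
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\x00" * 238    # PE32+ magic, remainder zeroed
    first_raw = -(-(len(dos) + 4 + 20 + 240 + 40 * len(sections)) // file_align) * file_align
    table, blobs, raw_ptr, va = b"", b"", first_raw, 0x1000
    for name, data in sections:
        size = -(-len(data) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\x00"), len(data), va,
                             size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        blobs += data.ljust(size, b"\x00")
        raw_ptr += size
        va += max(0x1000, -(-size // 0x1000) * 0x1000)
    headers = dos + b"PE\x00\x00" + coff + opt + table
    return headers.ljust(first_raw, b"\x00") + blobs


# Constructed sample: sizes are exact multiples of the file alignment so no padding dilutes entropy.
SAMPLE_PE = build_sample_pe([
    (b".text", b"ABCD" * 128),             # 512 bytes, 4 symbols -> entropy exactly 2.0
    (b".vmp0", b""),                       # virtual-only section, no raw data -> entropy 0.0
    (b".vmp1", bytes(range(256)) * 32),    # 8192 bytes, uniform -> entropy exactly 8.0
])

if __name__ == "__main__":
    for line in packer_indicators(SAMPLE_PE)["findings"]:
        print(line)
```

To run this against a real file, replace SAMPLE_PE with the bytes of the file; sections with zero raw data (as .vmp0 commonly is in VMProtect builds) get entropy 0.0 and contribute nothing to the overall fraction, which is why one huge .vmp1 section drives that figure toward 1.0.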
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
tehtris Generic.Malware
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Downloader.tc
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.VMProtect.L suspicious
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
Alibaba Packed:Win64/VMProtect.6072c786
F-Secure Heuristic.HEUR/AGEN.1315472
McAfeeD Real Protect-LS!3B38690DB145
Trapmine malicious.moderate.ml.score
CTX exe.unknown.generic
Sophos Mal/VMProtBad-A
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.3b38690db145fd74
Google Detected
Avira HEUR/AGEN.1315472
Antiy-AVL GrayWare/Win32.Wacapew
Microsoft Program:Win32/Wacapew.C!ml
Varist W64/Trojan.IGM.gen!Eldorado
McAfee Artemis!3B38690DB145
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.2298758339
Ikarus PUA.VMProtect
MaxSecure Trojan.Malware.300983.susgen
Fortinet W64/CoinMiner.FS!tr
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml
alibabacloud VirTool:Win/Wacapew.C9nj