Summary | ZeroBOX

esphvcionbronkz.exe

VMProtect Malicious Library PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started Oct. 21, 2024, 5:04 p.m.
Completed Oct. 21, 2024, 5:13 p.m.
Size 12.0MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 2852f7c19b7367e02b916508c9e8d215
SHA256 074339868ce26a85a0d2166d9d6a37547736774b8b7d007c56620d15f25598c0
CRC32 B7B527A4
ssdeep 393216:6839UkRvK/S/gR3U+LhTCORr8VKwCiX6sf2t:6+YR3UgF8v52
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file

No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .vmp0
section .vmp1
section .vmp1 (virtual_address 0x00c80000, virtual_size 0x00c01544, size_of_data 0x00c01600) entropy 7.97685599844 description A section with a high entropy has been found
entropy 0.999918662817 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
Bkav W64.AIDetectMalware
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.rc
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (D)
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.VMProtect.L suspicious
APEX Malicious
F-Secure Heuristic.HEUR/AGEN.1315472
McAfeeD Real Protect-LS!2852F7C19B73
Trapmine suspicious.low.ml.score
Sophos Mal/VMProtBad-A
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.2852f7c19b7367e0
Google Detected
Avira HEUR/AGEN.1315472
Microsoft PUA:Win32/Puwaders.C!ml
DeepInstinct MALICIOUS
Ikarus PUA.VMProtect