Summary | ZeroBOX

plushvci.exe

VMProtect Malicious Library PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started Oct. 26, 2024, 5:18 p.m.
Completed Oct. 26, 2024, 5:32 p.m.
Size 12.0MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 bfff4b9e84f981b5fa23b87288b21c4c
SHA256 e0616b6bdb78085aecd51d48455b76173aa6a9c72fc3033e05a55875d3bb7dfd
CRC32 ED9917F9
ssdeep 393216:L5xUl0XjqXenV0q31rb4vd28Rv+nQfxg:LLVXjIMVjAvd28Rhg
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .vmp0
section .vmp1
section .vmp1 (size_of_data 0x00c04a00, virtual_address 0x00c83000, virtual_size 0x00c048cc, entropy 7.97652963791958) entropy 7.97652963792 description A section with a high entropy has been found
entropy 0.99991874873 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.VMProtect.4!c
tehtris Generic.Malware
MicroWorld-eScan Trojan.GenericKD.74390330
CTX exe.trojan.vmprotect
Skyhigh BehavesLike.Win64.Generic.rc
ALYac Trojan.GenericKD.74390330
Cylance Unsafe
VIPRE Trojan.GenericKD.74390330
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (D)
Alibaba Packed:Win64/VMProtect.6072c786
K7GW Trojan ( 0058cdc71 )
K7AntiVirus Trojan ( 0058cdc71 )
Arcabit Trojan.Generic.D46F1B3A
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.VMProtect.L suspicious
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.74390330
Emsisoft Trojan.GenericKD.74390330 (B)
F-Secure Heuristic.HEUR/AGEN.1315472
McAfeeD Real Protect-LS!BFFF4B9E84F9
Sophos Mal/VMProtBad-A
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.bfff4b9e84f981b5
Google Detected
Avira HEUR/AGEN.1315472
Antiy-AVL GrayWare/Win32.Puwaders
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Trojan.Win64.Packed.sa
Microsoft Program:Win32/Wacapew.C!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Trojan.GenericKD.74390330
AhnLab-V3 Trojan/Win.Agent.R673869
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.2137149506
Ikarus PUA.VMProtect
Fortinet Riskware/Application
alibabacloud VirTool:Win/Packed.VMProtect.L