Summary | ZeroBOX

fortpriv5.exe

VMProtect Malicious Library Downloader PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Oct. 27, 2024, 11:51 a.m.
Completed Oct. 27, 2024, 11:55 a.m.
Size 5.8MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 4c428e14cf5fc2c5e54ba377389c8253
SHA256 f142f2fefbbd174fbc0d3d6cbe4cb5caa48389dfce9ee63f10d82b503e705468
CRC32 49F6E374
ssdeep 98304:gpWXpGEOHr+mg3awzDSS/GLjqdRK47nr+ktzLy7Mb7hMUwcIesBw1W:gpWPKrtOawXTu/qdRJrSkt3Tb7hMUNIk
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section _RDATA
section .vmp0
section .vmp1
section .vmp1 (size_of_data 0x005c7a00, virtual_address 0x0048a000, virtual_size 0x005c797c, entropy 7.917605140727239) description A section with a high entropy has been found
entropy 0.999831066813 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
tehtris Generic.Malware
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Downloader.tc
Cylance Unsafe
VIPRE Trojan.GenericKD.74400349
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
BitDefender Trojan.GenericKD.74400349
Arcabit Trojan.Generic.D46F425D
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.VMProtect.IH
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Packed:Win64/VMProtect.346174cd
MicroWorld-eScan Trojan.GenericKD.74400349
Emsisoft Trojan.GenericKD.74400349 (B)
F-Secure Heuristic.HEUR/AGEN.1315472
McAfeeD Real Protect-LS!4C428E14CF5F
CTX exe.trojan.agen
Sophos Mal/VMProtBad-A
Ikarus Trojan.Win64.Vmprotect
FireEye Generic.mg.4c428e14cf5fc2c5
Webroot W32.Malware.Gen
Google Detected
Avira HEUR/AGEN.1315472
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Trojan.Win64.Packed.sa
Microsoft Program:Win32/Wacapew.C!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Win32.Trojan-Downloader.Generic.20DK5L
AhnLab-V3 Trojan/Win.Generic.C5687340
McAfee Artemis!4C428E14CF5F
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.3696726045
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/PossibleThreat
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml
alibabacloud VirTool:Win/Packed.VMProtect.IJ