Summary | ZeroBOX

Legend-Rank1Shop.exe

Malicious Packer VMProtect Malicious Library PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us Oct. 28, 2024, 10:17 a.m. Oct. 28, 2024, 10:23 a.m.
Size 5.6MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 f7fc951c907b03e65c2b1238eae1c226
SHA256 13370fd41fdb1d9673c854a121f734f8991b8bc677f9df65e987c38e0c5316a4
CRC32 0E01DB06
ssdeep 98304:6d6HXQHicjSVsGiblwfUu1H/5FSBo558N6h9agVfZOofDcvfO6IPYEy2L7/H/Mm/:6AgHiASuGAGfUwf5FAZQ3aChcXOxPYEx
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .vmp0
section .vmp1
section .vmp1 virtual_address 0x00439000 virtual_size 0x00598ca0 size_of_data 0x00598e00 entropy 7.911327461707096 description A section with a high entropy has been found
section .rsrc virtual_address 0x009d3000 virtual_size 0x0000c740 size_of_data 0x0000c800 entropy 7.919942580203592 description A section with a high entropy has been found
entropy 0.999913524732 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.VMProtect.4!c
tehtris Generic.Malware
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.tc
Cylance Unsafe
Sangfor PUP.Win32.Agent.Vmpk
CrowdStrike win/malicious_confidence_90% (D)
K7GW Trojan ( 0058cdab1 )
K7AntiVirus Trojan ( 0058cdab1 )
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.VMProtect.L suspicious
APEX Malicious
McAfeeD Real Protect-LS!F7FC951C907B
Trapmine malicious.moderate.ml.score
CTX exe.trojan.vmprotect
Sophos Mal/Generic-S
Ikarus PUA.VMProtect
FireEye Generic.mg.f7fc951c907b03e6
Google Detected
Antiy-AVL GrayWare/Win32.Puwaders
Microsoft Program:Win32/Wacapew.C!ml
Varist W64/ABApplication.FAJB-5699
McAfee Artemis!F7FC951C907B
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.2288176233
MaxSecure Trojan.Malware.300983.susgen
Fortinet Riskware/Application
Paloalto generic.ml
alibabacloud VirTool:Win/Packed.VMProtect.L