Summary | ZeroBOX

espsemhvcioff.exe

VMProtect Malicious Library PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Nov. 13, 2024, 2:57 p.m.
Completed Nov. 13, 2024, 3 p.m.
Size 12.0MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 bbe62e176be79bc0a150fe76a651cae2
SHA256 ef97e2cccacdf9e48d32e0d08ff25e960d00c56e79aa70757010744239b0a1f4
CRC32 47DB55BC
ssdeep 393216:8JqjB8tnts8cS+dV0GQgzTZJA8G6Zqii:T8tn+81+JTzTZJA87Z
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .vmp0
section .vmp1
section .vmp1 (virtual_address 0x00c82000, virtual_size 0x00c051ec, size_of_data 0x00c05200) entropy 7.976760813 description A section with a high entropy has been found
entropy 0.999918761932 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.VMProtect.4!c
tehtris Generic.Malware
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Trojanpacked.rc
ALYac Trojan.GenericKD.74634709
Cylance Unsafe
VIPRE Trojan.GenericKD.74634709
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.74634709
K7GW Trojan ( 0058cdc71 )
K7AntiVirus Trojan ( 0058cdc71 )
Arcabit Trojan.Generic.D472D5D5
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.VMProtect.L suspicious
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win64/VMProtect.3b70fd5f
MicroWorld-eScan Trojan.GenericKD.74634709
Rising Trojan.Lazy!8.8EC3 (CLOUD)
Emsisoft Trojan.GenericKD.74634709 (B)
F-Secure Heuristic.HEUR/AGEN.1315472
McAfeeD Real Protect-LS!BBE62E176BE7
CTX exe.trojan.vmprotect
Sophos Mal/VMProtBad-A
SentinelOne Static AI - Suspicious PE
FireEye Generic.mg.bbe62e176be79bc0
Google Detected
Avira HEUR/AGEN.1315472
Antiy-AVL Trojan[Packed]/Win64.VMProtect
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Ransom.Win64.Wacatac.sa
Microsoft Trojan:Win64/Lazy.NQF!MTB
GData Trojan.GenericKD.74634709
AhnLab-V3 Trojan/Win.Agent.R673869
McAfee Artemis!BBE62E176BE7
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.1481366914
Ikarus PUA.VMProtect
Panda Trj/CI.A
MaxSecure Trojan.Malware.1728101.susgen
Fortinet Riskware/Application
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml