File Name | VMProtect.exe |
File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
Scanner Version | 1.0.174.174 |
Database Version | 2024-05-03 05:00:29 UTC |
Malware family: Gen
Hash Type | Value | Action |
---|---|---|
MD5 | d8aa353aa2704c76ff8ee4feec146cf7 | |
SHA1 | 4fc57daa5b342854846f4b72d59709c2fd1220f4 | |
SHA256 | d928563e935cc2966f876379e165da19e87d4d25ccaf53af3804aecc62a21086 | |
SHA512 | 5527a7eed8d5c078bb5b03bbea4c806351cb358aa77da70ce8b0a175774dbb58b439fa9e6b830b3a8615ee107ebe99227910009a8e840030df3747953e0994bf | |
ImpHash | 74b2d7b303116579f108fd9a6e79e8cc |
Icon | Hash: bcaed1d46488a7d8b14878607f3837d3 Fuzzy: 358fda1e8ca00fbc456590eb10e83576 dHash: 92b1c0e686c871b2 |
Image Base | 0x00400000 |
Entry Point | 0x023029b0 |
Compilation Time | 2018-12-29 09:07:27 |
Checksum | 0x0128e148 (Actual: 0x0128e148) |
OS Version | 5.1 |
PEiD Signatures | PE32 executable (GUI) Intel 80386, for MS Windows |
Digital Signature | OK |
Imports | 13 libraries |
Exports | 0 functions |
Resources | 23 Resources |
Sections | 11 Sections |
Comments | |
CompanyName | VMProtect Software |
FileDescription | |
FileVersion | 3.3.1.1076 |
InternalName | |
LegalCopyright | Copyright 2003-2018 VMProtect Software |
OriginalFilename | |
ProductName | VMProtect |
ProductVersion | 3.3.1 |
Translation | 0x0409 0x04b0 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text | 0x00001000 | 14,836,705 bytes | 0 bytes | 0.00 (Normal) | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ | D41D8CD98F00B204E9800998ECF8427E |
.rdata | 0x00e28000 | 8,194,524 bytes | 0 bytes | 0.00 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | D41D8CD98F00B204E9800998ECF8427E |
.data | 0x015f9000 | 205,316 bytes | 0 bytes | 0.00 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | D41D8CD98F00B204E9800998ECF8427E |
.tls | 0x0162c000 | 13 bytes | 0 bytes | 0.00 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | D41D8CD98F00B204E9800998ECF8427E |
.qtmetad | 0x0162d000 | 272 bytes | 0 bytes | 0.00 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_SHARED\|IMAGE_SCN_MEM_READ | D41D8CD98F00B204E9800998ECF8427E |
.gfids | 0x0162e000 | 2,460 bytes | 0 bytes | 0.00 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | D41D8CD98F00B204E9800998ECF8427E |
_RDATA | 0x0162f000 | 304 bytes | 0 bytes | 0.00 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | D41D8CD98F00B204E9800998ECF8427E |
.UPX0 | 0x01630000 | 8,932,507 bytes | 0 bytes | 0.00 (Normal) | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ | D41D8CD98F00B204E9800998ECF8427E |
.UPX1 | 0x01eb5000 | 19,040,064 bytes | 19,040,256 bytes | 7.99 (Packed/Encrypted) | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ | 99809C2C212433C3B491BA6FD8D09F85 |
.reloc | 0x030de000 | 1,480 bytes | 1,536 bytes | 4.49 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | 87F134FBFB2CE675596457F7F1BEFF71 |
.rsrc | 0x030df000 | 346,857 bytes | 347,136 bytes | 5.05 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | F9B3EC343E9C77A9D8823C2B8424E88D |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
RT_ICON | 18 | 344,279 bytes | |
RT_GROUP_ICON | 3 | 270 bytes | |
RT_VERSION | 1 | 700 bytes | |
RT_MANIFEST | 1 | 381 bytes | |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
Gridinsoft has the capability to identify and eliminate PUP.Win32.Gen.ns without requiring further user intervention.