c42ae004badddd3017adadbdd1421e00
Hash
- MD5: c42ae004badddd3017adadbdd1421e00
- SHA1: 51b208cac103dc28cdbee14b18021ccd85a6e063
- SHA256: 62aac86f38f26700cf534c0a316d31882ffb74488bd1d87a3caeef604fc3a124
- First Seen: 2026-05-14
- Last Seen: 2026-05-14
-
1
Related Reports
-
0
Related IOCs
Additional Information
VirusTotal
{
"data": {
"id": "62aac86f38f26700cf534c0a316d31882ffb74488bd1d87a3caeef604fc3a124",
"type": "file",
"links": {
"self": "https://www.virustotal.com/api/v3/files/62aac86f38f26700cf534c0a316d31882ffb74488bd1d87a3caeef604fc3a124"
},
"attributes": {
"last_modification_date": 1779797350,
"magika": "PEBIN",
"magic": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows",
"size": 4768256,
"popular_threat_classification": {
"popular_threat_category": [
{
"value": "trojan",
"count": 24
}
],
"suggested_threat_label": "trojan.vmprotect/black",
"popular_threat_name": [
{
"value": "vmprotect",
"count": 8
},
{
"value": "black",
"count": 2
},
{
"value": "gen2",
"count": 2
}
]
},
"meaningful_name": "y30gqv23i.exe",
"authentihash": "f0f522ac977728e4346626cce5b5f5fd76a5f30bc920bd9e74b49465d7d7b959",
"unique_sources": 1,
"reputation": -52,
"tags": [
"64bits",
"pedll",
"idle"
],
"filecondis": {
"raw_md5": "1691d1fe35e0bbd00db7bd939f701ec1",
"dhash": "0000001c1c050000"
},
"first_submission_date": 1756370228,
"sha1": "51b208cac103dc28cdbee14b18021ccd85a6e063",
"last_analysis_stats": {
"malicious": 52,
"suspicious": 0,
"undetected": 19,
"harmless": 0,
"timeout": 0,
"confirmed-timeout": 0,
"failure": 0,
"type-unsupported": 4
},
"md5": "c42ae004badddd3017adadbdd1421e00",
"sha256": "62aac86f38f26700cf534c0a316d31882ffb74488bd1d87a3caeef604fc3a124",
"sigma_analysis_summary": {
"Sigma Integrated Rule Set (GitHub)": {
"critical": 0,
"high": 0,
"medium": 4,
"low": 0
}
},
"pe_info": {
"timestamp": 1756276920,
"imphash": "5b2bb9f45ff699314c1095ba1bbed48a",
"machine_type": 34404,
"entry_point": 9000649,
"sections": [
{
"name": ".text",
"chi2": -1.0,
"virtual_address": 4096,
"flags": "rx",
"raw_size": 0,
"entropy": 0.0,
"virtual_size": 1984395,
"md5": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"name": ".rdata",
"chi2": 33072796.0,
"virtual_address": 1990656,
"flags": "r",
"raw_size": 1108480,
"entropy": 5.65,
"virtual_size": 1108298,
"md5": "283b0b5a7362529926d2921e9a71255c"
},
{
"name": ".data",
"chi2": -1.0,
"virtual_address": 3100672,
"flags": "rw",
"raw_size": 0,
"entropy": 0.0,
"virtual_size": 12984,
"md5": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"name": ".pdata",
"chi2": -1.0,
"virtual_address": 3117056,
"flags": "r",
"raw_size": 0,
"entropy": 0.0,
"virtual_size": 109176,
"md5": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"name": ".vmp0",
"chi2": -1.0,
"virtual_address": 3227648,
"flags": "rx",
"raw_size": 0,
"entropy": 0.0,
"virtual_size": 2674094,
"md5": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"name": ".vmp1",
"chi2": 217287.97,
"virtual_address": 5902336,
"flags": "rx",
"raw_size": 3640320,
"entropy": 7.98,
"virtual_size": 3639816,
"md5": "51d26ef00332600c5c9100447e8ac0fa"
},
{
"name": ".reloc",
"chi2": 102377.71,
"virtual_address": 9543680,
"flags": "r",
"raw_size": 18432,
"entropy": 5.47,
"virtual_size": 18344,
"md5": "7fc805ca8da330fcb35451e7c3ca54bb"
}
],
"exports": [
"DllRegisterServer",
"DllUnregisterServer"
],
"compiler_product_versions": [
"[IMP] VS2008 SP1 build 30729 count=6",
"[IMP] VS2022 v17.9.0 pre 1.0 build 33218 count=2",
"[C++] VS2022 v17.9.0 pre 1.0 build 33218 count=16",
"[ C ] VS2022 v17.9.0 pre 1.0 build 33218 count=7",
"[ASM] VS2022 v17.9.0 pre 1.0 build 33218 count=3",
"[IMP] VS2019 v16.11.27 build 30151 count=35",
"[---] Unmarked objects count=314",
"[---] Unmarked objects (old) count=274",
"id: 0x100, version: 33523 count=1",
"id: 0x102, version: 33523 count=1"
],
"rich_pe_header_hash": "be645299b213802b39dbb40c0c4cf81c",
"import_list": [
{
"library_name": "api-ms-win-core-synch-l1-2-0.dll",
"imported_functions": [
"WaitOnAddress"
]
},
{
"library_name": "bcryptprimitives.dll",
"imported_functions": [
"ProcessPrng"
]
},
{
"library_name": "kernel32.dll",
"imported_functions": [
"ExitProcess",
"FreeLibrary",
"GetCurrentProcess",
"GetCurrentThread",
"GetLastError",
"GetModuleFileNameW",
"GetModuleHandleA",
"GetProcAddress",
"GetProcessAffinityMask",
"LoadLibraryA",
"LocalAlloc",
"LocalFree",
"SetProcessAffinityMask",
"SetThreadAffinityMask",
"SetUnhandledExceptionFilter",
"Sleep"
]
},
{
"library_name": "ws2_32.dll",
"imported_functions": [
"getsockname"
]
},
{
"library_name": "user32.dll",
"imported_functions": [
"CharUpperBuffW",
"MessageBoxA"
]
},
{
"library_name": "advapi32.dll",
"imported_functions": [
"CloseServiceHandle",
"EnumServicesStatusExW",
"OpenSCManagerW",
"OpenServiceW",
"QueryServiceConfigW",
"RegOpenKeyExW",
"RegQueryValueExA"
]
},
{
"library_name": "secur32.dll",
"imported_functions": [
"FreeCredentialsHandle"
]
},
{
"library_name": "crypt32.dll",
"imported_functions": [
"CertDuplicateCertificateChain"
]
},
{
"library_name": "ntdll.dll",
"imported_functions": [
"NtCreateFile"
]
},
{
"library_name": "iphlpapi.dll",
"imported_functions": [
"GetAdaptersAddresses"
]
},
{
"library_name": "pdh.dll",
"imported_functions": [
"PdhOpenQueryA"
]
},
{
"library_name": "powrprof.dll",
"imported_functions": [
"CallNtPowerInformation"
]
},
{
"library_name": "oleaut32.dll",
"imported_functions": [
"SysStringLen"
]
},
{
"library_name": "psapi.dll",
"imported_functions": [
"GetProcessMemoryInfo"
]
},
{
"library_name": "shell32.dll",
"imported_functions": [
"CommandLineToArgvW"
]
},
{
"library_name": "VCRUNTIME140.dll",
"imported_functions": [
"memmove"
]
},
{
"library_name": "api-ms-win-crt-string-l1-1-0.dll",
"imported_functions": [
"wcslen"
]
},
{
"library_name": "api-ms-win-crt-heap-l1-1-0.dll",
"imported_functions": [
"free"
]
},
{
"library_name": "api-ms-win-crt-runtime-l1-1-0.dll",
"imported_functions": [
"_initterm"
]
},
{
"library_name": "WTSAPI32.dll",
"imported_functions": [
"WTSSendMessageW"
]
}
]
},
"type_extension": "dll",
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"pedll"
],
"crowdsourced_ids_results": [
{
"rule_category": "Potentially Bad Traffic",
"alert_severity": "low",
"rule_msg": "ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)",
"rule_id": "1:2034552",
"rule_source": "Proofpoint Emerging Threats Open",
"rule_url": "https://rules.emergingthreats.net/",
"rule_raw": "alert dns $HOME_NET any -> any any (msg:\"ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)\"; dns.query; dotprefix; content:\".trycloudflare.com\"; nocase; endswith; classtype:bad-unknown; sid:2034552; rev:1; metadata:attack_target Client_Endpoint, created_at 2021_11_29, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_11_29;)",
"alert_context": [
{
"dest_ip": "8.8.8.8",
"dest_port": 53
}
]
}
],
"type_description": "Win32 DLL",
"vhash": "146076055d050707755013z13z13z13z1011z1013z15z16z2",
"sigma_analysis_results": [
{
"rule_level": "medium",
"rule_id": "047ea96432123c5b2a32816291dc196702b51bd9d49adb2c1673b59dd0018a0c",
"rule_source": "Sigma Integrated Rule Set (GitHub)",
"rule_title": "DNS Query Request By Regsvr32.EXE",
"rule_description": "Detects DNS queries initiated by \"Regsvr32.exe\"",
"rule_author": "Dmitriy Lifanov, oscd.community",
"match_context": [
{
"values": {
"QueryStatus": "9003",
"QueryName": "female-disorder-beta-metropolitan.trycloudflare.com",
"Image": "C:\\Windows\\System32\\regsvr32.exe",
"EventID": "22"
}
}
]
},
{
"rule_level": "medium",
"rule_id": "8b5db9da5732dc549b0e8b56fe5933d7c95ed760f3ac20568ab95347ef8c5bcc",
"rule_source": "Sigma Integrated Rule Set (GitHub)",
"rule_title": "CurrentVersion Autorun Keys Modification",
"rule_description": "Detects modification of autostart extensibility point (ASEP) in registry.",
"rule_author": "Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)",
"match_context": [
{
"values": {
"RuleName": "T1060,RunKey",
"EventID": "13",
"Details": "regsvr32.exe /s \"C:\\ProgramData\\Q1A4wq2.www\"",
"Image": "C:\\Windows\\system32\\regsvr32.exe",
"EventType": "SetValue",
"TargetObject": "HKU\\S-1-5-21-4005801669-2598574594-602355426-1001\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\tdll"
}
}
]
},
{
"rule_level": "medium",
"rule_id": "a75f3ad30b636c91c9da06907f4b199d4fad8f73c4efdd1c1c32615815b38664",
"rule_source": "Sigma Integrated Rule Set (GitHub)",
"rule_title": "DNS Query To Common Malware Hosting and Shortener Services",
"rule_description": "Detects DNS queries to domains commonly used by threat actors to host malware payloads or redirect through URL shorteners.\nThese include platforms like Cloudflare Workers, TryCloudflare, InfinityFree, and URL shorteners such as tinyurl and lihi.cc.\nSuch DNS activity can indicate potential delivery or command-and-control communication attempts.\n",
"rule_author": "Ahmed Nosir (@egycondor)",
"match_context": [
{
"values": {
"QueryStatus": "9003",
"QueryName": "female-disorder-beta-metropolitan.trycloudflare.com",
"Image": "C:\\Windows\\System32\\regsvr32.exe",
"EventID": "22"
}
}
]
},
{
"rule_level": "medium",
"rule_id": "eb3d787705736430a92c127b22627ce5de4f5d421899962446a84013018022a9",
"rule_source": "Sigma Integrated Rule Set (GitHub)",
"rule_title": "Cloudflared Tunnels Related DNS Requests",
"rule_description": "Detects DNS requests to Cloudflared tunnels domains.\nAttackers can abuse that feature to establish a reverse shell or persistence on a machine.\n",
"rule_author": "Nasreddine Bencherchali (Nextron Systems)",
"match_context": [
{
"values": {
"QueryStatus": "9003",
"QueryName": "female-disorder-beta-metropolitan.trycloudflare.com",
"Image": "C:\\Windows\\System32\\regsvr32.exe",
"EventID": "22"
}
}
]
}
],
"sigma_analysis_stats": {
"critical": 0,
"high": 0,
"medium": 4,
"low": 0
},
"tlsh": "T1DB26F157BF4ACEDBD98CC83884770B58323391958FD2A3479188693C7E7731A4E6C1A9",
"sandbox_verdicts": {
"C2AE": {
"category": "undetected",
"malware_classification": [
"UNKNOWN_VERDICT"
],
"sandbox_name": "C2AE"
}
},
"trid": [
{
"file_type": "Win64 Executable (generic)",
"probability": 33.1
},
{
"file_type": "Win16 NE executable (generic)",
"probability": 25.6
},
{
"file_type": "Windows Icons Library (generic)",
"probability": 10.4
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 10.3
},
{
"file_type": "Generic Win/DOS Executable",
"probability": 10.1
}
],
"signature_info": {
"x509": [
{
"valid usage": "Client Auth",
"thumbprint_sha256": "48830707D799762E4461866979229CC5A5C9425AAA9BFE71CB877FB0BE2A3613",
"name": "VMProtect Client 88996417",
"algorithm": "sha256RSA",
"thumbprint_md5": "A45DAD5A541D8BA4166E98A3A4BFCE6A",
"valid from": "2014-09-29 00:00:00",
"valid to": "2024-09-26 23:59:59",
"serial number": "0E 55 59 BC 4E 1C 5C 96 EB CB 69 4D BA 1C 15 92",
"cert issuer": "VMProtect Software CA",
"thumbprint": "2E20B7079E5D83E7987B2605DB160D1561A0C07A"
},
{
"thumbprint_sha256": "A94F13099891AF95BFF58AF6E8476C1AD7256184B23A35AB2B83158710079D13",
"name": "VMProtect Software CA",
"algorithm": "sha256RSA",
"thumbprint_md5": "3F30127D27D5408AA6BAA4B57918A0C2",
"valid from": "2013-04-30 00:00:00",
"valid to": "2033-04-29 23:59:59",
"serial number": "25 A2 8E 41 8E F2 D5 5B 87 EE 71 5B 42 AF BE DB",
"cert issuer": "IEEE Root CA",
"thumbprint": "14E375BD4A40DDD3310E05328DDA16E84BAC6D34"
}
]
},
"creation_date": 1756276920,
"names": [
"y30gqv23i.exe",
"Q1A4wq2.www"
],
"last_submission_date": 1756370228,
"crowdsourced_ids_stats": {
"high": 0,
"medium": 0,
"low": 1,
"info": 0
},
"last_analysis_results": {
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"engine_version": "8.2.40(8338)",
"engine_update": "20260525",
"category": "malicious",
"result": "W32.Malware.23754045"
},
"Lionic": {
"method": "blacklist",
"engine_name": "Lionic",
"engine_version": "8.16",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.Win32.VMProtect.4!c"
},
"tehtris": {
"method": "blacklist",
"engine_name": "tehtris",
"engine_version": "v0.1.4",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"MicroWorld-eScan": {
"method": "blacklist",
"engine_name": "MicroWorld-eScan",
"engine_version": "14.0.409.0",
"engine_update": "20260526",
"category": "malicious",
"result": "Application.Generic.4320555"
},
"ClamAV": {
"method": "blacklist",
"engine_name": "ClamAV",
"engine_version": "1.5.2.0",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"CMC": {
"method": "blacklist",
"engine_name": "CMC",
"engine_version": "2.4.2022.1",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"CAT-QuickHeal": {
"method": "blacklist",
"engine_name": "CAT-QuickHeal",
"engine_version": "22.00",
"engine_update": "20260525",
"category": "undetected",
"result": null
},
"Skyhigh": {
"method": "blacklist",
"engine_name": "Skyhigh",
"engine_version": "v2021.2.0+4045",
"engine_update": "20260525",
"category": "malicious",
"result": "BehavesLike.Win64.Rootkit.rc"
},
"ALYac": {
"method": "blacklist",
"engine_name": "ALYac",
"engine_version": "2.0.0.10",
"engine_update": "20260526",
"category": "malicious",
"result": "Backdoor.Agent.status"
},
"Cylance": {
"method": "blacklist",
"engine_name": "Cylance",
"engine_version": "3.0.0.0",
"engine_update": "20260521",
"category": "malicious",
"result": "Unsafe"
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"engine_version": "6.0.0.35",
"engine_update": "20260525",
"category": "malicious",
"result": "Application.Generic.4320555"
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"engine_version": "2.22.3.0",
"engine_update": "20260525",
"category": "malicious",
"result": "Trojan.Win32.Packed.Vujx"
},
"CrowdStrike": {
"method": "blacklist",
"engine_name": "CrowdStrike",
"engine_version": "1.0",
"engine_update": "20251219",
"category": "malicious",
"result": "win/malicious_confidence_100% (W)"
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"engine_version": "7.2",
"engine_update": "20260526",
"category": "malicious",
"result": "Application.Generic.4320555"
},
"K7GW": {
"method": "blacklist",
"engine_name": "K7GW",
"engine_version": "14.54.59617",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan ( 7000001d1 )"
},
"K7AntiVirus": {
"method": "blacklist",
"engine_name": "K7AntiVirus",
"engine_version": "14.54.59615",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan ( 7000001d1 )"
},
"Arcabit": {
"method": "blacklist",
"engine_name": "Arcabit",
"engine_version": "2025.0.0.23",
"engine_update": "20260526",
"category": "malicious",
"result": "Application.Generic.D41ED2B"
},
"VirIT": {
"method": "blacklist",
"engine_name": "VirIT",
"engine_version": "9.5.1214",
"engine_update": "20260525",
"category": "undetected",
"result": null
},
"Symantec": {
"method": "blacklist",
"engine_name": "Symantec",
"engine_version": "1.22.0.0",
"engine_update": "20260525",
"category": "malicious",
"result": "Trojan.Gen.2"
},
"Elastic": {
"method": "blacklist",
"engine_name": "Elastic",
"engine_version": "4.0.261",
"engine_update": "20260525",
"category": "malicious",
"result": "malicious (high confidence)"
},
"ESET-NOD32": {
"method": "blacklist",
"engine_name": "ESET-NOD32",
"engine_version": "18.2.18.0",
"engine_update": "20260526",
"category": "malicious",
"result": "Win64/Kimsuky.CC trojan"
},
"Zoner": {
"method": "blacklist",
"engine_name": "Zoner",
"engine_version": "2.2.2.0",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"TrendMicro-HouseCall": {
"method": "blacklist",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "24.550.0.1002",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.Win32.ZYX.USBLEJ26"
},
"Paloalto": {
"method": "blacklist",
"engine_name": "Paloalto",
"engine_version": "0.9.0.1003",
"engine_update": "20260526",
"category": "malicious",
"result": "generic.ml"
},
"Cynet": {
"method": "blacklist",
"engine_name": "Cynet",
"engine_version": "4.0.3.4",
"engine_update": "20260526",
"category": "malicious",
"result": "Malicious (score: 100)"
},
"Kaspersky": {
"method": "blacklist",
"engine_name": "Kaspersky",
"engine_version": "22.0.1.28",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.Win32.Agent.xbzywd"
},
"Alibaba": {
"method": "blacklist",
"engine_name": "Alibaba",
"engine_version": "0.3.0.5",
"engine_update": "20190527",
"category": "malicious",
"result": "Packed:Win32/VMProtect.aadcf061"
},
"NANO-Antivirus": {
"method": "blacklist",
"engine_name": "NANO-Antivirus",
"engine_version": "1.0.170.26895",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.Win64.Mlw.lbkulc"
},
"SUPERAntiSpyware": {
"method": "blacklist",
"engine_name": "SUPERAntiSpyware",
"engine_version": "5.6.0.1032",
"engine_update": "20260525",
"category": "undetected",
"result": null
},
"Rising": {
"method": "blacklist",
"engine_name": "Rising",
"engine_version": "25.0.0.28",
"engine_update": "20260526",
"category": "malicious",
"result": "[email protected] (TAGGANT:N4uaNhWBXkOliTeOzUizAw)"
},
"Sophos": {
"method": "blacklist",
"engine_name": "Sophos",
"engine_version": "3.5.1.0",
"engine_update": "20260526",
"category": "malicious",
"result": "Mal/VMProtBad-A"
},
"F-Secure": {
"method": "blacklist",
"engine_name": "F-Secure",
"engine_version": "18.10.1547.307",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.TR/Black.Gen2"
},
"DrWeb": {
"method": "blacklist",
"engine_name": "DrWeb",
"engine_version": "7.0.75.2070",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.Packed2.51416"
},
"Zillya": {
"method": "blacklist",
"engine_name": "Zillya",
"engine_version": "2.0.0.5608",
"engine_update": "20260525",
"category": "malicious",
"result": "Trojan.VMProtect.Win32.126013"
},
"TrendMicro": {
"method": "blacklist",
"engine_name": "TrendMicro",
"engine_version": "24.550.0.1002",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.Win32.ZYX.USBLEJ26"
},
"McAfeeD": {
"method": "blacklist",
"engine_name": "McAfeeD",
"engine_version": "1.2.0.14532",
"engine_update": "20260526",
"category": "malicious",
"result": "ti!62AAC86F38F2"
},
"Trapmine": {
"method": "blacklist",
"engine_name": "Trapmine",
"engine_version": "4.0.12.0",
"engine_update": "20260504",
"category": "malicious",
"result": "malicious.high.ml.score"
},
"CTX": {
"method": "blacklist",
"engine_name": "CTX",
"engine_version": "2024.8.29.1",
"engine_update": "20260526",
"category": "malicious",
"result": "dll.trojan.vmprotect"
},
"Emsisoft": {
"method": "blacklist",
"engine_name": "Emsisoft",
"engine_version": "2024.8.0.61147",
"engine_update": "20260526",
"category": "malicious",
"result": "Application.Generic.4320555 (B)"
},
"SentinelOne": {
"method": "blacklist",
"engine_name": "SentinelOne",
"engine_version": "7.6.2.19",
"engine_update": "20260324",
"category": "malicious",
"result": "Static AI - Suspicious PE"
},
"Jiangmin": {
"method": "blacklist",
"engine_name": "Jiangmin",
"engine_version": "16.0.100",
"engine_update": "20260525",
"category": "undetected",
"result": null
},
"Webroot": {
"method": "blacklist",
"engine_name": "Webroot",
"engine_version": "1.9.0.8",
"engine_update": "20250227",
"category": "undetected",
"result": null
},
"Google": {
"method": "blacklist",
"engine_name": "Google",
"engine_version": "1779782449",
"engine_update": "20260526",
"category": "malicious",
"result": "Detected"
},
"Avira": {
"method": "blacklist",
"engine_name": "Avira",
"engine_version": "8.3.3.24",
"engine_update": "20260526",
"category": "malicious",
"result": "TR/Black.Gen2"
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"engine_version": "3.0",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan[Packed]/Win32.VMProtect"
},
"Kingsoft": {
"method": "blacklist",
"engine_name": "Kingsoft",
"engine_version": "None",
"engine_update": "20260524",
"category": "malicious",
"result": "Win32.Trojan.Agent.xbzywd"
},
"Gridinsoft": {
"method": "blacklist",
"engine_name": "Gridinsoft",
"engine_version": "1.0.246.174",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Xcitium": {
"method": "blacklist",
"engine_name": "Xcitium",
"engine_version": "38677",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Microsoft": {
"method": "blacklist",
"engine_name": "Microsoft",
"engine_version": "1.1.26040.8",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"ViRobot": {
"method": "blacklist",
"engine_name": "ViRobot",
"engine_version": "2014.3.20.0",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.Win.C.Vmprotect.4768256.A"
},
"ZoneAlarm": {
"method": "blacklist",
"engine_name": "ZoneAlarm",
"engine_version": "6.25-116107039",
"engine_update": "20260526",
"category": "malicious",
"result": "Mal/VMProtBad-A"
},
"GData": {
"method": "blacklist",
"engine_name": "GData",
"engine_version": "GD:27.44681AVA:64.31308",
"engine_update": "20260526",
"category": "malicious",
"result": "Application.Generic.4320555"
},
"Varist": {
"method": "blacklist",
"engine_name": "Varist",
"engine_version": "6.6.1.3",
"engine_update": "20260526",
"category": "malicious",
"result": "W64/ABTrojan.VCDO-7595"
},
"AhnLab-V3": {
"method": "blacklist",
"engine_name": "AhnLab-V3",
"engine_version": "3.30.0.10666",
"engine_update": "20260526",
"category": "malicious",
"result": "Backdoor/Win.Nightello.R719743"
},
"Acronis": {
"method": "blacklist",
"engine_name": "Acronis",
"engine_version": "1.2.0.121",
"engine_update": "20240328",
"category": "undetected",
"result": null
},
"VBA32": {
"method": "blacklist",
"engine_name": "VBA32",
"engine_version": "5.6.1",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"TACHYON": {
"method": "blacklist",
"engine_name": "TACHYON",
"engine_version": "2026-05-26.02",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"DeepInstinct": {
"method": "blacklist",
"engine_name": "DeepInstinct",
"engine_version": "5.0.0.8",
"engine_update": "20260526",
"category": "malicious",
"result": "MALICIOUS"
},
"Malwarebytes": {
"method": "blacklist",
"engine_name": "Malwarebytes",
"engine_version": "3.1.0.235",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Ikarus": {
"method": "blacklist",
"engine_name": "Ikarus",
"engine_version": "6.4.16.0",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.Win32.VMProtect"
},
"Panda": {
"method": "blacklist",
"engine_name": "Panda",
"engine_version": "4.6.4.2",
"engine_update": "20260525",
"category": "undetected",
"result": null
},
"APEX": {
"method": "blacklist",
"engine_name": "APEX",
"engine_version": "6.782",
"engine_update": "20260525",
"category": "undetected",
"result": null
},
"Tencent": {
"method": "blacklist",
"engine_name": "Tencent",
"engine_version": "1.0.0.1",
"engine_update": "20260526",
"category": "malicious",
"result": "Win32.Trojan.Agent.Ogil"
},
"Yandex": {
"method": "blacklist",
"engine_name": "Yandex",
"engine_version": "5.5.2.24",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.VMProtect!hHh/kykbpCI"
},
"TrellixENS": {
"method": "blacklist",
"engine_name": "TrellixENS",
"engine_version": "6.0.6.653",
"engine_update": "20260525",
"category": "malicious",
"result": "Packed-GV!C42AE004BADD"
},
"huorong": {
"method": "blacklist",
"engine_name": "huorong",
"engine_version": "b8a15cc:b8a15cc:e0fccfc:e0fccfc",
"engine_update": "20260525",
"category": "undetected",
"result": null
},
"MaxSecure": {
"method": "blacklist",
"engine_name": "MaxSecure",
"engine_version": "1.0.0.1",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.Malware.644564656.susgen"
},
"Fortinet": {
"method": "blacklist",
"engine_name": "Fortinet",
"engine_version": "7.0.48.0",
"engine_update": "20260526",
"category": "malicious",
"result": "W32/Packed.GV!tr"
},
"AVG": {
"method": "blacklist",
"engine_name": "AVG",
"engine_version": "23.9.8494.0",
"engine_update": "20260515",
"category": "malicious",
"result": "Win64:MalwareX-gen [Misc]"
},
"Avast": {
"method": "blacklist",
"engine_name": "Avast",
"engine_version": "23.9.8494.0",
"engine_update": "20260515",
"category": "malicious",
"result": "Win64:MalwareX-gen [Misc]"
},
"alibabacloud": {
"method": "blacklist",
"engine_name": "alibabacloud",
"engine_version": "2.2.0",
"engine_update": "20250321",
"category": "malicious",
"result": "Suspicious"
},
"Trustlook": {
"method": "blacklist",
"engine_name": "Trustlook",
"engine_version": "1.0",
"engine_update": "20260526",
"category": "type-unsupported",
"result": null
},
"SymantecMobileInsight": {
"method": "blacklist",
"engine_name": "SymantecMobileInsight",
"engine_version": "2.0",
"engine_update": "20260123",
"category": "type-unsupported",
"result": null
},
"BitDefenderFalx": {
"method": "blacklist",
"engine_name": "BitDefenderFalx",
"engine_version": "2.0.936",
"engine_update": "20260525",
"category": "type-unsupported",
"result": null
},
"Avast-Mobile": {
"method": "blacklist",
"engine_name": "Avast-Mobile",
"engine_version": "260526-00",
"engine_update": "20260526",
"category": "type-unsupported",
"result": null
}
},
"total_votes": {
"harmless": 0,
"malicious": 1
},
"times_submitted": 1,
"last_analysis_date": 1779790134,
"crowdsourced_yara_results": [
{
"ruleset_id": "00c291ca7f",
"ruleset_version": "00c291ca7f|e76c93dcdedff04076380ffc60ea54e45b313635",
"ruleset_name": "indicator_packed",
"rule_name": "INDICATOR_EXE_Packed_VMProtect",
"match_date": 1779793737,
"description": "Detects executables packed with VMProtect.",
"author": "ditekSHen",
"source": "https://github.com/ditekshen/detection"
}
],
"type_tag": "pedll",
"ssdeep": "98304:qM4pvQsvoI2YBx0ZV4e8YL12tXGxI+KjitG0Bp8/qPV:qMUvQsQqBxmae86Et2eH+tl8/8",
"detectiteasy": {
"filetype": "PE64",
"values": [
{
"info": "Max protection",
"version": "1.70",
"type": "Protector",
"name": "VMProtect"
},
{
"info": "C",
"version": "19.36.33218",
"type": "Compiler",
"name": "Microsoft Visual C/C++"
},
{
"version": "14.36.33523",
"type": "Linker",
"name": "Microsoft Linker"
},
{
"version": "2022 version 17.6",
"type": "Tool",
"name": "Visual Studio"
}
]
}
}
}
}
Related Reports
2026-05-14
Kaspersky