How does NOD32 deal with an .exe file with a shell added by a cracked copy of VMProtect

Discussion in 'ESET NOD32 Antivirus' started by ooVoo, Aug 2, 2012.

Thread Status:
Not open for further replies.
  1. ooVoo, Registered Member

    Joined: Aug 2, 2012
    Posts: 67
    Location: CHINA

    Well, as far as I know, lots of people think the effect would be the same when adding protection to an .exe file, whether with a licensed VMProtect or a cracked copy.
    But recently, I got a case showing that a secure and clean executable file is dangerous, and the reason is that this .exe file was protected by a cracked VMProtect.
    So, I wonder how NOD32 analyzes such a file, and whether licensed VMProtect and cracked VMProtect can really get the same effect?
     
  2. ooVoo, Registered Member

    Joined: Aug 2, 2012
    Posts: 67
    Location: CHINA

    In addition, how could the software detect that the VMProtect is a cracked copy? In my test, many antivirus programs do not report this sample.
     
  3. Marcos, Eset Staff Account

    Joined: Nov 22, 2002
    Posts: 14,456

    If you think the file is detected in error, submit it to the ESET Malware Lab as per the instructions here.
     
  4. ooVoo, Registered Member

    Joined: Aug 2, 2012
    Posts: 67
    Location: CHINA

    Already sent. :)
     
  5. Marcos, Eset Staff Account

    Joined: Nov 22, 2002
    Posts: 14,456

    Unfortunately, I couldn't find any recent submission with a VMProtect detection. However, I was assured that those detections are not false positives if detected as a Trojan.
     
  6. ooVoo, Registered Member

    Joined: Aug 2, 2012
    Posts: 67
    Location: CHINA

    Marcos, previously the sample was sent by zhu.....ng@version-2.com.cn, so I think you have already got it. I resent it to samples#eset.com.

    Edit: email address obfuscated to secure personal data.
     
    Last edited by a moderator: Aug 8, 2012