File name: Best_m_Sample

Full analysis: https://app.any.run/tasks/f6ea7a2a-6023-4aa0-88f7-64eab1d3fcc4
Verdict: Malicious activity
Analysis date: June 12, 2019, 08:25:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
opendir
Indicators:
MIME: video/mp4
File info: ISO Media, MP4 v2 [ISO 14496-14]
MD5: 10DA9A1031C74D18A0016F0CD0E5A6A0
SHA1: B2C96F2E5D4CD1529B3586272F280DE8225FFCF0
SHA256: A5CD69F71675FC5690928D6329AE99E671067CDD8C2F78C5263183EAA0E44390
SSDEEP: 96:XuIWLaayaPacaxaOaZa4ata5aJaZai4m6pGapm6i4Gapm6pGai4J6pGm6pGapm6I:+nUnnCpQnnCUrJMwMCMt/auJYnTRo5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Creates files in the user directory

      • vlc.exe (PID: 2824)
  • INFO

    • Manual execution by user

      • vlc.exe (PID: 2516)
No Malware configuration.

TRiD

.mp4 | Generic MP4 container (74.9)
.abr | Adobe PhotoShop Brush (25)

EXIF

QuickTime

MajorBrand: MP4 v2 [ISO 14496-14]
MinorVersion: 0.0.1
CompatibleBrands:
  • mp42
  • avc1
  • mp42
  • mp41
MovieHeaderVersion: -
CreateDate: 2009:10:22 09:40:16
ModifyDate: 2009:10:22 09:40:16
TimeScale: 600
Duration: 0:00:30
PreferredRate: 1
PreferredVolume: 100.00%
PreviewTime: 0 s
PreviewDuration: 0 s
PosterTime: 0 s
SelectionTime: 0 s
SelectionDuration: 0 s
CurrentTime: 0 s
NextTrackID: 5
TrackHeaderVersion: -
TrackCreateDate: 2009:10:22 09:40:16
TrackModifyDate: 2009:10:22 09:40:16
TrackID: 1
TrackDuration: 0:00:30
TrackLayer: -
TrackVolume: 100.00%
MatrixStructure: 1 0 0 0 1 0 0 0 1
ImageWidth: 480
ImageHeight: 270
MediaHeaderVersion: -
MediaCreateDate: 2009:10:22 09:40:16
MediaModifyDate: 2009:10:22 09:40:16
MediaTimeScale: 600
MediaDuration: 0:00:30
HandlerClass: Media Handler
HandlerType: Video Track
HandlerDescription: Apple Video Media Handler
GraphicsMode: srcCopy
OpColor: 0 0 0

Composite

ImageSize: 480x270
Megapixels: 0.13
Rotation: -
All screenshots are available in the full report
Total processes: 33
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start vlc.exe vlc.exe

Process information

PID: 2516
CMD: "C:\Program Files\VideoLAN\VLC\vlc.exe"
Path: C:\Program Files\VideoLAN\VLC\vlc.exe
Parent process: explorer.exe
User: admin
Company: VideoLAN
Integrity Level: MEDIUM
Description: VLC media player
Exit code: 0
Version: 2.2.6
Modules (images):
  • c:\program files\videolan\vlc\vlc.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\videolan\vlc\libvlc.dll
  • c:\program files\videolan\vlc\libvlccore.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 2824
CMD: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\admin\AppData\Local\Temp\Best_m_Sample.mp4"
Path: C:\Program Files\VideoLAN\VLC\vlc.exe
Parent process: explorer.exe
User: admin
Company: VideoLAN
Integrity Level: MEDIUM
Description: VLC media player
Exit code: 0
Version: 2.2.6
Modules (images):
  • c:\program files\videolan\vlc\vlc.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\videolan\vlc\libvlc.dll
  • c:\program files\videolan\vlc\libvlccore.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
Total events: 381
Read events: 381
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 0
Text files: 5
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2824 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCEFC.tmp | - | - | -
2824 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlcrc.2824 | - | - | -
2824 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\ml.xspf.tmp2824 | - | - | -
2516 | vlc.exe | C:\Users\admin\AppData\Local\Temp\vlc-3.0.7.1-win32.exe | - | - | -
2824 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini | text | - | -
2824 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlcrc | text | - | -
2516 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini | text | - | -
2824 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\ml.xspf | xml | 781602441469750C3219C8C38B515ED4 | 81970DBE581373D14FBD451AC4B3F96E5F69B79645F1EE1CA715CFF3AF0BF20D
HTTP(S) requests: 4
TCP/UDP connections: 6
DNS requests: 4
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2516 | vlc.exe | GET | 302 | 62.210.246.226:80 | http://get.videolan.org/vlc/3.0.7.1/win32/vlc-3.0.7.1-win32.exe | FR | html | 120 b | malicious
2516 | vlc.exe | GET | 302 | 195.154.241.219:80 | http://get.videolan.org/vlc/3.0.7.1/win32/vlc-3.0.7.1-win32.exe.asc | FR | html | 124 b | suspicious
2516 | vlc.exe | GET | 206 | 88.191.250.2:80 | http://update.videolan.org/vlc/status-win-x86 | FR | text | 344 b | malicious
2516 | vlc.exe | GET | 206 | 88.191.250.2:80 | http://update.videolan.org/vlc/status-win-x86.asc | FR | asc | 195 b | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2516 | vlc.exe | 88.191.250.2:80 | update.videolan.org | Free SAS | FR | malicious
2516 | vlc.exe | 62.210.246.226:80 | get.videolan.org | Online S.a.s. | FR | malicious
2516 | vlc.exe | 176.9.154.218:443 | mirror.kumi.systems | Hetzner Online GmbH | DE | unknown
2516 | vlc.exe | 195.154.241.219:80 | get.videolan.org | Online S.a.s. | FR | suspicious

DNS requests

Domain | IP | Reputation
update.videolan.org | 88.191.250.2 | unknown
get.videolan.org | 62.210.246.226, 195.154.241.219 | unknown
mirror.kumi.systems | 176.9.154.218 | suspicious

Threats

No threats detected
Process | Message
vlc.exe | core libvlc: one instance mode ENABLED
vlc.exe | core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
vlc.exe | core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
vlc.exe | core libvlc: Status file authenticated
vlc.exe | gnutls tls session error: A TLS packet with unexpected length was received.
vlc.exe | core access error: read error: Bad file descriptor