| Field | Value |
|---|---|
| File name | Best_m_Sample |
| Full analysis | https://app.any.run/tasks/f6ea7a2a-6023-4aa0-88f7-64eab1d3fcc4 |
| Verdict | Malicious activity |
| Analysis date | June 12, 2019, 08:25:01 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | video/mp4 |
| File info | ISO Media, MP4 v2 [ISO 14496-14] |
| MD5 | 10DA9A1031C74D18A0016F0CD0E5A6A0 |
| SHA1 | B2C96F2E5D4CD1529B3586272F280DE8225FFCF0 |
| SHA256 | A5CD69F71675FC5690928D6329AE99E671067CDD8C2F78C5263183EAA0E44390 |
| SSDEEP | 96:XuIWLaayaPacaxaOaZa4ata5aJaZai4m6pGapm6i4Gapm6pGai4J6pGm6pGapm6I:+nUnnCpQnnCUrJMwMCMt/auJYnTRo5 |
| Extension | Description |
|---|---|
| .mp4 | Generic MP4 container (74.9) |
| .abr | Adobe PhotoShop Brush (25) |
| Field | Value |
|---|---|
| Rotation | - |
| Megapixels | 0.13 |
| ImageSize | 480x270 |
| OpColor | 0 0 0 |
| GraphicsMode | srcCopy |
| HandlerDescription | Apple Video Media Handler |
| HandlerType | Video Track |
| HandlerClass | Media Handler |
| MediaDuration | 0:00:30 |
| MediaTimeScale | 600 |
| MediaModifyDate | 2009:10:22 09:40:16 |
| MediaCreateDate | 2009:10:22 09:40:16 |
| MediaHeaderVersion | - |
| ImageHeight | 270 |
| ImageWidth | 480 |
| MatrixStructure | 1 0 0 0 1 0 0 0 1 |
| TrackVolume | 100.00% |
| TrackLayer | - |
| TrackDuration | 0:00:30 |
| TrackID | 1 |
| TrackModifyDate | 2009:10:22 09:40:16 |
| TrackCreateDate | 2009:10:22 09:40:16 |
| TrackHeaderVersion | - |
| NextTrackID | 5 |
| CurrentTime | 0 s |
| SelectionDuration | 0 s |
| SelectionTime | 0 s |
| PosterTime | 0 s |
| PreviewDuration | 0 s |
| PreviewTime | 0 s |
| PreferredVolume | 100.00% |
| PreferredRate | 1 |
| Duration | 0:00:30 |
| TimeScale | 600 |
| ModifyDate | 2009:10:22 09:40:16 |
| CreateDate | 2009:10:22 09:40:16 |
| MovieHeaderVersion | - |
| CompatibleBrands | |
| MinorVersion | 0.0.1 |
| MajorBrand | MP4 v2 [ISO 14496-14] |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2824 | "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\admin\AppData\Local\Temp\Best_m_Sample.mp4" | C:\Program Files\VideoLAN\VLC\vlc.exe | | explorer.exe |
| 2516 | "C:\Program Files\VideoLAN\VLC\vlc.exe" | C:\Program Files\VideoLAN\VLC\vlc.exe | | explorer.exe |

| PID | User | Company | Integrity Level | Description | Exit code | Version |
|---|---|---|---|---|---|---|
| 2824 | admin | VideoLAN | MEDIUM | VLC media player | 0 | 2.2.6 |
| 2516 | admin | VideoLAN | MEDIUM | VLC media player | | 2.2.6 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2824 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCEFC.tmp | — | — | — |
| 2824 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlcrc.2824 | — | — | — |
| 2824 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\ml.xspf.tmp2824 | — | — | — |
| 2516 | vlc.exe | C:\Users\admin\AppData\Local\Temp\vlc-3.0.7.1-win32.exe | — | — | — |
| 2824 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini | text | FB42B7C390F248ABE0E5308314208BA6 | 1B49C365F7FA713E83C04604AF9FC716A113EB45B858AB0E42205F9153C1BE40 |
| 2824 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlcrc | text | E93B49B91A2086F13A1CCE53B4989453 | B3AA0E46EC71CFEC09B05617941066170F1DE9684F79F99876E09F8BEE29AD6D |
| 2516 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini | text | 9510AF9ABF0DE26040B4AAEA28B9ADB0 | E07B48BEB757E4EE7D916F428DBC69ACA797FDBE85E317B880A39CF710DE669D |
| 2824 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\ml.xspf | xml | 781602441469750C3219C8C38B515ED4 | 81970DBE581373D14FBD451AC4B3F96E5F69B79645F1EE1CA715CFF3AF0BF20D |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2516 | vlc.exe | GET | 302 | 62.210.246.226:80 | http://get.videolan.org/vlc/3.0.7.1/win32/vlc-3.0.7.1-win32.exe | FR | html | 120 b | malicious |
2516 | vlc.exe | GET | 206 | 88.191.250.2:80 | http://update.videolan.org/vlc/status-win-x86 | FR | text | 344 b | malicious |
2516 | vlc.exe | GET | 206 | 88.191.250.2:80 | http://update.videolan.org/vlc/status-win-x86.asc | FR | asc | 195 b | malicious |
2516 | vlc.exe | GET | 302 | 195.154.241.219:80 | http://get.videolan.org/vlc/3.0.7.1/win32/vlc-3.0.7.1-win32.exe.asc | FR | html | 124 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2516 | vlc.exe | 88.191.250.2:80 | update.videolan.org | Free SAS | FR | malicious |
— | — | 62.210.246.226:80 | get.videolan.org | Online S.a.s. | FR | malicious |
2516 | vlc.exe | 176.9.154.218:443 | mirror.kumi.systems | Hetzner Online GmbH | DE | unknown |
2516 | vlc.exe | 195.154.241.219:80 | get.videolan.org | Online S.a.s. | FR | suspicious |
| Domain | IP | Reputation |
|---|---|---|
| update.videolan.org | | unknown |
| get.videolan.org | | unknown |
| mirror.kumi.systems | | suspicious |
| Process | Message |
|---|---|
| vlc.exe | core libvlc: one instance mode ENABLED |
| vlc.exe | core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface. |
| vlc.exe | core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface. |
| vlc.exe | core libvlc: Status file authenticated |
| vlc.exe | gnutls tls session error: A TLS packet with unexpected length was received. |
| vlc.exe | core access error: read error: Bad file descriptor |