analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| File name: | f-video-converter.exe |
| Full analysis: | https://app.any.run/tasks/dcf0488d-5f6b-4b18-9855-ac2a19c9ae32 |
| Verdict: | Malicious activity |
| Analysis date: | October 20, 2020, 08:02:01 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5: | E5D302F7268CB6D8A6F4BF372FE379D5 |
| SHA1: | 313154AEEA98EE2FF2C6B0B581D7C94AE5040678 |
| SHA256: | BEAB453CB75C252FC811137E1FBF8D3C6EC5FEE57C8942E779EEEC07A0CE75C7 |
| SSDEEP: | 393216:XyIdKozWs0FiARqPQ5ZVXPnC8rQGS/49kSvVPV9EuM4cj+X:CINJ0sARtV/C8UGQ4OECp4cqX |
MALICIOUS
Loads dropped or rewritten executable
- videoconverter.exe (PID: 884)
Application was dropped or rewritten from another process
- videoconverter.exe (PID: 884)
SUSPICIOUS
Executable content was dropped or overwritten
- f-video-converter.exe (PID: 3440)
- f-video-converter.exe (PID: 1092)
- f-video-converter.tmp (PID: 3148)
Creates files in the user directory
- videoconverter.exe (PID: 884)
- f-video-converter.tmp (PID: 3148)
Reads Windows owner or organization settings
- f-video-converter.tmp (PID: 3148)
Reads the Windows organization settings
- f-video-converter.tmp (PID: 3148)
INFO
Loads dropped or rewritten executable
- f-video-converter.tmp (PID: 3148)
Application was dropped or rewritten from another process
- f-video-converter.tmp (PID: 3372)
- f-video-converter.tmp (PID: 3148)
Dropped object may contain Bitcoin addresses
- f-video-converter.tmp (PID: 3148)
Creates a software uninstall entry
- f-video-converter.tmp (PID: 3148)
Creates files in the program directory
- f-video-converter.tmp (PID: 3148)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Inno Setup installer (77.7) |
|---|---|---|
| .exe | | | Win32 Executable Delphi generic (10) |
| .dll | | | Win32 Dynamic Link Library (generic) (4.6) |
| .exe | | | Win32 Executable (generic) (3.1) |
| .exe | | | Win16/32 Executable Delphi generic (1.4) |
EXIF
EXE
| ProductVersion: | 5.4.23.6956 |
|---|---|
| ProductName: | Faasoft Video Converter 5.4.23.6956 |
| LegalCopyright: | - |
| FileVersion: | 5.4.23.6956 |
| FileDescription: | Faasoft Video Converter 5.4.23.6956 Setup |
| CompanyName: | Faasoft Corporation |
| Comments: | This installation was built with Inno Setup. |
| CharacterSet: | Unicode |
| LanguageCode: | Neutral |
| FileSubtype: | - |
| ObjectFileType: | Executable application |
| FileOS: | Win32 |
| FileFlags: | (none) |
| FileFlagsMask: | 0x003f |
| ProductVersionNumber: | 0.0.0.0 |
| FileVersionNumber: | 5.4.23.6956 |
| Subsystem: | Windows GUI |
| SubsystemVersion: | 5 |
| ImageVersion: | 6 |
| OSVersion: | 5 |
| EntryPoint: | 0x163c4 |
| UninitializedDataSize: | - |
| InitializedDataSize: | 60416 |
| CodeSize: | 86016 |
| LinkerVersion: | 2.25 |
| PEType: | PE32 |
| TimeStamp: | 2009:05:15 11:13:48+02:00 |
| MachineType: | Intel 386 or later, and compatibles |
Total processes
45
Monitored processes
5
Malicious processes
3
Suspicious processes
1
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1092 | "C:\Users\admin\AppData\Local\Temp\f-video-converter.exe" | C:\Users\admin\AppData\Local\Temp\f-video-converter.exe | explorer.exe | |
User: admin Company: Faasoft Corporation Integrity Level: MEDIUM Description: Faasoft Video Converter 5.4.23.6956 Setup Exit code: 0 Version: 5.4.23.6956 | ||||
| 3372 | "C:\Users\admin\AppData\Local\Temp\is-T5B9K.tmp\f-video-converter.tmp" /SL5="$A0164,15379922,140800,C:\Users\admin\AppData\Local\Temp\f-video-converter.exe" | C:\Users\admin\AppData\Local\Temp\is-T5B9K.tmp\f-video-converter.tmp | — | f-video-converter.exe |
User: admin Integrity Level: MEDIUM Description: Setup/Uninstall Exit code: 0 Version: 51.1048.0.0 | ||||
| 3440 | "C:\Users\admin\AppData\Local\Temp\f-video-converter.exe" /SPAWNWND=$A0178 /NOTIFYWND=$A0164 | C:\Users\admin\AppData\Local\Temp\f-video-converter.exe | f-video-converter.tmp | |
User: admin Company: Faasoft Corporation Integrity Level: HIGH Description: Faasoft Video Converter 5.4.23.6956 Setup Exit code: 0 Version: 5.4.23.6956 | ||||
| 3148 | "C:\Users\admin\AppData\Local\Temp\is-56DBL.tmp\f-video-converter.tmp" /SL5="$B0138,15379922,140800,C:\Users\admin\AppData\Local\Temp\f-video-converter.exe" /SPAWNWND=$A0178 /NOTIFYWND=$A0164 | C:\Users\admin\AppData\Local\Temp\is-56DBL.tmp\f-video-converter.tmp | f-video-converter.exe | |
User: admin Integrity Level: HIGH Description: Setup/Uninstall Exit code: 0 Version: 51.1048.0.0 | ||||
| 884 | "C:\Program Files\Faasoft\Video Converter\videoconverter.exe" | C:\Program Files\Faasoft\Video Converter\videoconverter.exe | f-video-converter.tmp | |
User: admin Company: Faasoft Corporation Integrity Level: MEDIUM Description: Video Converter Version: 5.4.23.6956 | ||||
Total events
817
Read events
786
Write events
0
Delete events
0
Modification events
Executable files
44
Suspicious files
0
Text files
2
Unknown types
8
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3148 | f-video-converter.tmp | C:\Program Files\Faasoft\Video Converter\is-8HDKT.tmp | — | |
MD5:— | SHA256:— | |||
| 3148 | f-video-converter.tmp | C:\Program Files\Faasoft\Video Converter\is-QC486.tmp | — | |
MD5:— | SHA256:— | |||
| 3148 | f-video-converter.tmp | C:\Program Files\Faasoft\Video Converter\is-ETHFR.tmp | — | |
MD5:— | SHA256:— | |||
| 3148 | f-video-converter.tmp | C:\Program Files\Faasoft\Video Converter\is-LV8QB.tmp | — | |
MD5:— | SHA256:— | |||
| 3148 | f-video-converter.tmp | C:\Program Files\Faasoft\Video Converter\is-O9F45.tmp | — | |
MD5:— | SHA256:— | |||
| 3148 | f-video-converter.tmp | C:\Program Files\Faasoft\Video Converter\is-Q1EVF.tmp | — | |
MD5:— | SHA256:— | |||
| 3148 | f-video-converter.tmp | C:\Program Files\Faasoft\Video Converter\is-04NRB.tmp | — | |
MD5:— | SHA256:— | |||
| 3148 | f-video-converter.tmp | C:\Program Files\Faasoft\Video Converter\is-28S6U.tmp | — | |
MD5:— | SHA256:— | |||
| 3148 | f-video-converter.tmp | C:\Program Files\Faasoft\Video Converter\is-R8I24.tmp | — | |
MD5:— | SHA256:— | |||
| 3148 | f-video-converter.tmp | C:\Program Files\Faasoft\Video Converter\is-L77GA.tmp | — | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
DNS requests
Threats
Process | Message |
|---|---|
videoconverter.exe | Error: Cannot read file "C:/Users/admin/AppData/Roaming/Faasoft Video Converter/Profiles/Group.xml" : "No such file or directory"
|
videoconverter.exe | QMetaObject::connectSlotsByName: No matching signal for on_saveMenu_aboutToShow()
|
videoconverter.exe | QMetaObject::connectSlotsByName: No matching signal for on_comboManager_valueChanged(QtProperty*,QString)
|
videoconverter.exe | "vbrquality"
|
videoconverter.exe | Object::connect: (sender name: 'CustomItemWidget')
|
videoconverter.exe | Object::connect: (sender name: 'CustomItemWidget')
|
videoconverter.exe | Object::connect: No such slot CMainWnd::onStopTask(int)
|
videoconverter.exe | Object::connect: No such slot CMainWnd::onStopTask(int)
|
videoconverter.exe | Object::connect: (sender name: 'CustomItemWidget')
|
videoconverter.exe | Object::connect: (receiver name: 'mainWindow')
|