SHA256: 2a0169443ba32a692f4b44c6a7e7476899dcb8973c1289b58c5f1f017515dfac
File name: winx-dvd-author.exe
Detection ratio: 0 / 68
Analysis date: 2018-06-24 00:48:14 UTC ( 6 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware 20180623
AegisLab 20180622
AhnLab-V3 20180623
Alibaba 20180622
ALYac 20180624
Antiy-AVL 20180624
Arcabit 20180624
Avast 20180624
Avast-Mobile 20180623
AVG 20180624
Avira (no cloud) 20180623
AVware 20180624
Babable 20180406
Baidu 20180622
BitDefender 20180624
Bkav 20180623
CAT-QuickHeal 20180623
ClamAV 20180623
CMC 20180623
Comodo 20180623
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180624
Cyren 20180624
DrWeb 20180624
eGambit 20180624
Emsisoft 20180624
Endgame 20180612
ESET-NOD32 20180624
F-Prot 20180624
F-Secure 20180622
Fortinet 20180624
GData 20180624
Ikarus 20180623
Sophos ML 20180601
Jiangmin 20180623
K7AntiVirus 20180623
K7GW 20180623
Kaspersky 20180623
Kingsoft 20180624
Malwarebytes 20180623
MAX 20180624
McAfee 20180624
McAfee-GW-Edition 20180623
Microsoft 20180623
eScan 20180624
NANO-Antivirus 20180624
Palo Alto Networks (Known Signatures) 20180624
Panda 20180623
Qihoo-360 20180624
Rising 20180624
SentinelOne (Static ML) 20180618
Sophos AV 20180623
SUPERAntiSpyware 20180623
Symantec 20180623
Symantec Mobile Insight 20180619
TACHYON 20180624
Tencent 20180624
TheHacker 20180622
TotalDefense 20180623
TrendMicro 20180624
TrendMicro-HouseCall 20180624
Trustlook 20180624
VBA32 20180622
VIPRE 20180624
ViRobot 20180623
Webroot 20180624
Yandex 20180622
Zillya 20180622
ZoneAlarm by Check Point 20180624
Zoner 20180623
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product WinX DVD Author
File version 6.3.8
Description WinX DVD Author Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 4:52 AM 12/19/2016
Signers
[+] Digiarty, Inc.
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 1/7/2016
Valid to 12:59 AM 9/24/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 70DB4927617DBB0CD2718CC27E4D6FE05F8BE10B
Serial number 0D DD 68 3D 63 0A A7 70 B5 18 7C 7F 03 8B A4 B7
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] WoSign Time Stamping Signer
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 5409B56C89BB1A881DE1A32C950D40FD6B94C74E
Serial number 25 1F 5D 98 81 82 17 2E 3C 41 9E 01 4F B0 40 4C
[+] WoSign
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2039
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint B94294BF91EA8FB64BE61097C7FB001359B676CB
Serial number 5E 68 D6 11 71 94 63 50 56 00 68 F3 3E C9 C5 91
Packers identified
F-PROT INNO, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-13 08:19:32
Entry Point 0x000113BC
Number of sections 8
PE sections
Overlays
MD5 dc26d51aa94459645d249f9d1a05b391
File type data
Offset 119296
Size 10928376
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetVersion
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
SysReAllocStringLen
SysFreeString
SysAllocStringLen
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 4
DUTCH 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments This installation was built with Inno Setup.
LinkerVersion 2.25
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 6.3.8.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 53248
EntryPoint 0x113bc
MIMEType application/octet-stream
FileVersion 6.3.8
TimeStamp 2013:10:13 09:19:32+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
ProductVersion 6.3.8
FileDescription WinX DVD Author Setup
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName DigiartySoft, Inc.
CodeSize 65024
ProductName WinX DVD Author
ProductVersionNumber 6.3.8.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 14a828a35accaf82e81f3243a3a1fcf0
SHA1 7a6f27b71f5a3604349d09b458611472ef35d253
SHA256 2a0169443ba32a692f4b44c6a7e7476899dcb8973c1289b58c5f1f017515dfac
ssdeep 196608:EdMTav63Li1MnLzvStNEFO4qXR82kP5uNsgylkcpXLGFrjRpqckujFLQpfth5E:EdMWv67i1MLz49y95uS7Gqcpj1ifrG
authentihash 2cb9c67e925499b9964949f0a7b03e1ff216355fcc0c2de332450dd2cb68fb97
imphash 48aa5c8931746a9655524f67b25a47ef
File size 10.5 MB ( 11047672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Delphi generic (42.4%)
Win32 Dynamic Link Library (generic) (19.7%)
Win32 Executable (generic) (13.5%)
Win16/32 Executable Delphi generic (6.2%)
OS/2 Executable (generic) (6.0%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-12-20 04:16:53 UTC ( 2 years, 1 month ago )
Last submission 2017-06-16 15:46:28 UTC ( 1 year, 7 months ago )
File names 2a0169443ba32a692f4b44c6a7e7476899dcb8973c1289b58c5f1f017515dfac
winx-dvd-author(1).exe
winx-dvd-author.exe
winx-free-dvd-author-6-3-8-0.exe
winx-dvd-author.exe
Baixaki_winx-dvd-author.exe
2A0169443BA32A692F4B44C6A7E7476899DCB8973C1289B58C5F1F017515DFAC.exe
947568
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs
UDP communications