SHA256: 308f35425aa93df16574468814b813bf094b40fe48bcab5112368d55fe9feae2
File name: DivXInstaller.exe
Detection ratio: 0 / 68
Analysis date: 2018-02-11 23:05:01 UTC ( 1 week, 1 day ago )
Antivirus Result Update
Ad-Aware 20180211
AegisLab 20180211
AhnLab-V3 20180211
Alibaba 20180209
ALYac 20180211
Antiy-AVL 20180211
Arcabit 20180211
Avast 20180211
Avast-Mobile 20180211
AVG 20180211
Avira (no cloud) 20180211
AVware 20180210
Baidu 20180208
BitDefender 20180211
Bkav 20180209
CAT-QuickHeal 20180211
ClamAV 20180211
CMC 20180211
Comodo 20180211
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cylance 20180212
Cyren 20180211
DrWeb 20180211
eGambit 20180212
Emsisoft 20180211
Endgame 20171130
ESET-NOD32 20180211
F-Prot 20180211
F-Secure 20180211
Fortinet 20180211
GData 20180211
Ikarus 20180211
Sophos ML 20180121
Jiangmin 20180211
K7AntiVirus 20180211
K7GW 20180211
Kaspersky 20180211
Kingsoft 20180212
Malwarebytes 20180211
MAX 20180212
McAfee 20180211
McAfee-GW-Edition 20180211
Microsoft 20180211
eScan 20180211
NANO-Antivirus 20180211
nProtect 20180209
Palo Alto Networks (Known Signatures) 20180212
Panda 20180211
Qihoo-360 20180212
Rising 20180211
SentinelOne (Static ML) 20180115
Sophos AV 20180211
SUPERAntiSpyware 20180211
Symantec 20180211
Symantec Mobile Insight 20180209
Tencent 20180212
TheHacker 20180208
TotalDefense 20180211
TrendMicro 20180211
TrendMicro-HouseCall 20180211
Trustlook 20180212
VBA32 20180209
VIPRE 20180211
ViRobot 20180211
Webroot 20180212
WhiteArmor 20180205
Yandex 20180210
Zillya 20180209
ZoneAlarm by Check Point 20180211
Zoner 20180211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2017 DivX, LLC.

Product DivX Setup
Original name DivXSetup.exe
Internal name WRX
File version 3.0.0.224
Description DivX Setup
Signature verification Signed file, verified signature
Signing date 2:04 PM 2/13/2017
Signers
[+] DivX, LLC
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 2/6/2017
Valid to 12:59 AM 4/8/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 70747DDDB697467220B713D82FE5B012322F06D5
Serial number 31 05 1D 4B B5 7D 31 14 9E 13 C9 1E F9 20 90 A2
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-10 02:52:58
Entry Point 0x000D276F
Number of sections 5
PE sections
Overlays
MD5 79f26d1471a7a226efa526dab63eebf6
File type data
Offset 2427904
Size 6088
Entropy 7.36
PE imports
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
RegQueryValueExW
CryptCreateHash
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
RegOpenKeyExW
CryptReleaseContext
GetUserNameW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
RegEnumValueW
RegSetValueExW
FreeSid
CryptGetHashParam
ReportEventW
AllocateAndInitializeSid
CheckTokenMembership
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CertFindCertificateInStore
CryptMsgGetParam
CertGetNameStringW
CryptMsgClose
TextOutW
CreateFontIndirectW
CreatePen
GetDeviceCaps
CreateCompatibleDC
DeleteDC
SetBkMode
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
ExtTextOutW
GetStockObject
RoundRect
StretchBlt
SelectObject
SetDIBColorTable
CreateSolidBrush
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
SetThreadLocale
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
SetEndOfFile
HeapDestroy
SignalObjectAndWait
CreateTimerQueue
GetFileAttributesW
DuplicateHandle
VerifyVersionInfoW
CreatePipe
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
FreeEnvironmentStringsW
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GetThreadTimes
Thread32First
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
IsWow64Process
GetThreadPriority
GetExitCodeProcess
FreeLibraryAndExitThread
InitializeCriticalSection
OutputDebugStringW
GlobalHandle
FindFirstFileW
AllocConsole
TlsGetValue
FormatMessageA
GetFullPathNameW
EncodePointer
OutputDebugStringA
InterlockedPushEntrySList
SetLastError
PeekNamedPipe
DeviceIoControl
ReadConsoleInputA
CopyFileW
ReadFile
LoadResource
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
LoadLibraryA
VerSetConditionMask
GetPriorityClass
GetCurrentDirectoryW
SetConsoleCtrlHandler
GetUserDefaultLCID
FindClose
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
DeleteTimerQueueTimer
FlushInstructionCache
RegisterWaitForSingleObject
CreateThread
MoveFileExW
InterlockedFlushSList
DeleteCriticalSection
GetExitCodeThread
CreateSemaphoreW
CreateMutexW
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
GlobalMemoryStatus
SetUnhandledExceptionFilter
InterlockedDecrement
GetModuleHandleExW
GlobalAlloc
GetDiskFreeSpaceExW
CreateEventW
ReadConsoleW
GetVersion
LeaveCriticalSection
SleepEx
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetWindowsDirectoryW
ChangeTimerQueueTimer
OpenProcess
GetModuleHandleW
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
QueryDepthSList
CompareStringW
GetModuleFileNameW
GetFileInformationByHandle
FindNextFileW
GetCurrentThreadId
CreateTimerQueueTimer
Thread32Next
IsValidLocale
lstrcmpW
FindFirstFileExW
ExpandEnvironmentStringsA
SetEvent
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
GetEnvironmentVariableW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
FlushConsoleInputBuffer
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
UnregisterWaitEx
GetTimeFormatW
GetEnvironmentStringsW
GlobalUnlock
QueryPerformanceFrequency
GetUserGeoID
lstrlenW
Process32NextW
VirtualFree
WaitForSingleObjectEx
Module32FirstW
FileTimeToLocalFileTime
SizeofResource
UnregisterWait
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
SetThreadAffinityMask
Process32FirstW
GetCurrentThread
SetConsoleTitleW
RaiseException
ReleaseSemaphore
TlsFree
GetModuleHandleA
Module32NextW
CloseHandle
OpenMutexW
GetACP
GlobalLock
GetGeoInfoW
FreeResource
SwitchToThread
GetFileAttributesExW
SetThreadUILanguage
GetLogicalProcessorInformation
GetNumaHighestNodeNumber
IsValidCodePage
SetConsoleMode
FindResourceExW
VirtualQuery
CreateProcessW
WaitForMultipleObjects
Sleep
TerminateProcess
SetThreadPriority
VirtualAlloc
VarUI4FromStr
VarBstrCat
SysStringLen
LoadRegTypeLib
SysAllocStringLen
OleCreateFontIndirect
VariantClear
SysAllocString
DispCallFunc
LoadTypeLib
SysFreeString
VariantInit
SHCreateDirectoryExW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
CommandLineToArgvW
PathIsNetworkPathW
PathIsRootW
SHDeleteKeyW
PathGetDriveNumberW
PathIsFileSpecW
PathFindFileNameW
PathFileExistsW
PathIsUNCW
PathAppendW
PathBuildRootW
StrFormatByteSizeW
PathSkipRootW
UrlCreateFromPathW
PathStripToRootW
PathRemoveBlanksW
PathCombineW
PathRemoveBackslashW
MapWindowPoints
RedrawWindow
DestroyWindow
SetWindowPos
IsWindow
EndPaint
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
SendMessageW
UnregisterClassW
GetClientRect
CreateAcceleratorTableW
GetActiveWindow
GetWindowTextW
GetWindowTextLengthW
InvalidateRgn
PtInRect
DrawEdge
GetUserObjectInformationW
GetClassInfoExW
UpdateWindow
ShowWindow
EnableWindow
GetSystemMenu
IsWindowEnabled
GetWindow
EnableMenuItem
DrawFocusRect
SetTimer
IsDialogMessageW
FillRect
SetWindowContextHelpId
CreateWindowExW
GetWindowLongW
CharNextW
IsChild
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
BeginPaint
DefWindowProcW
KillTimer
TrackMouseEvent
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
SendDlgItemMessageW
GetProcessWindowStation
CheckDlgButton
CreateDialogParamW
SetWindowTextW
GetDlgItem
ClientToScreen
PostMessageW
DialogBoxIndirectParamW
IsDlgButtonChecked
DestroyAcceleratorTable
GetDesktopWindow
LoadCursorW
LoadIconW
SetForegroundWindow
ExitWindowsEx
ReleaseDC
EndDialog
CopyRect
GetCapture
ScreenToClient
MessageBoxW
GetMenu
RegisterClassExW
MoveWindow
DialogBoxParamW
AdjustWindowRectEx
GetSysColor
SetDlgItemTextW
GetKeyState
IsWindowVisible
SystemParametersInfoW
MonitorFromWindow
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
GetFocus
wsprintfW
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
InternetCheckConnectionW
InternetCanonicalizeUrlW
InternetGetConnectedState
DeleteUrlCacheEntryW
WinVerifyTrust
accept
ioctlsocket
WSAStartup
connect
getsockname
htons
WSASetLastError
WSAGetLastError
gethostname
getsockopt
closesocket
send
ntohs
select
listen
__WSAFDIsSet
WSACleanup
gethostbyname
getpeername
recv
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePaletteSize
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
GdipGetImagePixelFormat
GdipDrawImageI
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromStream
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CoInitialize
CoTaskMemAlloc
CoGetClassObject
CoTaskMemRealloc
CoCreateInstance
OleUninitialize
CoUninitialize
CoTaskMemFree
CLSIDFromString
StringFromGUID2
OleInitialize
CoInternetSetFeatureEnabled
Number of PE resources by type
RT_STRING 133
RT_DIALOG 27
RT_ICON 4
Struct(240) 3
RT_HTML 2
XML 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 45
GERMAN 16
FRENCH 13
PORTUGUESE BRAZILIAN 13
RUSSIAN 13
CHINESE TRADITIONAL 12
JAPANESE DEFAULT 12
CHINESE SIMPLIFIED 12
SPANISH MODERN 12
KOREAN 12
ITALIAN 12
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

InitializedDataSize
652800

ImageVersion
0.0

ProductName
DivX Setup

FileVersionNumber
3.0.0.224

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
12.0

FileTypeExtension
exe

OriginalFileName
DivXSetup.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3.0.0.224

TimeStamp
2017:02:10 03:52:58+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WRX

ProductVersion
3.0.0.224

FileDescription
DivX Setup

OSVersion
5.1

FileOS
Win32

LegalCopyright
2017 DivX, LLC.

MachineType
Intel 386 or later, and compatibles

CompanyName
DivX, LLC

CodeSize
1774080

FileSubtype
0

ProductVersionNumber
3.0.0.224

EntryPoint
0xd276f

ObjectFileType
Unknown

CarbonBlack
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 6d4006c7edf1588a7b5ee8138d9436ab
SHA1 1b30678b8eabf6d84be432e98e6577441fd0e356
SHA256 308f35425aa93df16574468814b813bf094b40fe48bcab5112368d55fe9feae2
ssdeep
49152:pRBWuLEeV0rzi6ue+Xv/VtB3UIVlfk6nmchBnTu4CShfZV:82EeV0rmhe+X3VtBEIV9HzV

authentihash 55e06b398a1e6c9f0768d65451a368a74c0bdfb72379d0c0a070338cd6d12488
imphash b463605bda7ffd5c8371d9ad2a20de5b
File size 2.3 MB ( 2433992 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags
peexe via-tor overlay

VirusTotal metadata
First submission 2017-03-15 07:21:37 UTC ( 11 months, 1 week ago )
Last submission 2018-02-19 09:31:50 UTC ( 1 day, 6 hours ago )
File names DivXInstaller_10.8.exe
dxaA39.tmp
divx-1082.exe
divx373installer(1).exe
DivXInstaller_v10.7.3.exe
DivXInstaller (1).exe
dxaCDCC.tmp
dxaA762.tmp
divxinstaller.exe
DivXInstaller.exe
DivXInstaller_2.exe
DivX Player.exe
DivXInstaller.exe
dxa1368.tmp
DivXInstaller(1).exe
dxa595E.tmp
DivXSetup.exe
(scanned by xetcom.com).divx.setup.exe
sample.exe
DivXInstaller.exe
991761
divxinstaller[1].exe
DivXSetup.exe
divxsetup.exe
dxa8b94.tmp
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications