SHA256: 308f35425aa93df16574468814b813bf094b40fe48bcab5112368d55fe9feae2
File name: DivXInstaller.exe
Detection ratio: 0 / 68
Analysis date: 2018-06-12 10:24:02 UTC ( 1 week, 5 days ago )
Antivirus Result Update
Ad-Aware 20180612
AegisLab 20180612
AhnLab-V3 20180612
Alibaba 20180612
ALYac 20180612
Antiy-AVL 20180612
Arcabit 20180612
Avast 20180612
Avast-Mobile 20180612
AVG 20180612
Avira (no cloud) 20180612
AVware 20180612
Babable 20180406
Baidu 20180612
BitDefender 20180612
Bkav 20180612
CAT-QuickHeal 20180612
ClamAV 20180612
CMC 20180611
Comodo 20180612
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180612
Cyren 20180612
DrWeb 20180612
eGambit 20180612
Emsisoft 20180612
Endgame 20180507
ESET-NOD32 20180612
F-Prot 20180612
F-Secure 20180612
Fortinet 20180612
GData 20180612
Ikarus 20180612
Sophos ML 20180601
Jiangmin 20180612
K7AntiVirus 20180612
K7GW 20180612
Kaspersky 20180612
Kingsoft 20180612
Malwarebytes 20180612
MAX 20180612
McAfee 20180612
McAfee-GW-Edition 20180612
Microsoft 20180612
eScan 20180612
NANO-Antivirus 20180612
Palo Alto Networks (Known Signatures) 20180612
Panda 20180611
Qihoo-360 20180612
Rising 20180612
SentinelOne (Static ML) 20180225
Sophos AV 20180612
SUPERAntiSpyware 20180612
Symantec 20180612
Symantec Mobile Insight 20180605
TACHYON 20180612
Tencent 20180612
TheHacker 20180608
TotalDefense 20180612
TrendMicro 20180612
TrendMicro-HouseCall 20180612
Trustlook 20180612
VBA32 20180612
VIPRE 20180612
ViRobot 20180612
Webroot 20180612
Yandex 20180609
Zillya 20180611
ZoneAlarm by Check Point 20180612
Zoner 20180612
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
2017 DivX, LLC.

Product DivX Setup
Original name DivXSetup.exe
Internal name WRX
File version 3.0.0.224
Description DivX Setup
Signature verification Signed file, verified signature
Signing date 2:04 PM 2/13/2017
Signers
[+] DivX, LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 2/6/2017
Valid to 12:59 AM 4/8/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 70747DDDB697467220B713D82FE5B012322F06D5
Serial number 31 05 1D 4B B5 7D 31 14 9E 13 C9 1E F9 20 90 A2
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-10 02:52:58
Entry Point 0x000D276F
Number of sections 5
PE sections
Overlays
MD5 79f26d1471a7a226efa526dab63eebf6
File type data
Offset 2427904
Size 6088
Entropy 7.36
PE imports
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
RegQueryValueExW
CryptCreateHash
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
RegOpenKeyExW
CryptReleaseContext
GetUserNameW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
RegEnumValueW
RegSetValueExW
FreeSid
CryptGetHashParam
ReportEventW
AllocateAndInitializeSid
CheckTokenMembership
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CertFindCertificateInStore
CryptMsgGetParam
CertGetNameStringW
CryptMsgClose
TextOutW
CreateFontIndirectW
CreatePen
GetDeviceCaps
CreateCompatibleDC
DeleteDC
SetBkMode
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
ExtTextOutW
GetStockObject
RoundRect
StretchBlt
SelectObject
SetDIBColorTable
CreateSolidBrush
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
SetThreadLocale
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
SetEndOfFile
HeapDestroy
SignalObjectAndWait
CreateTimerQueue
GetFileAttributesW
DuplicateHandle
VerifyVersionInfoW
CreatePipe
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
FreeEnvironmentStringsW
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GetThreadTimes
Thread32First
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
IsWow64Process
GetThreadPriority
GetExitCodeProcess
FreeLibraryAndExitThread
InitializeCriticalSection
OutputDebugStringW
GlobalHandle
FindFirstFileW
AllocConsole
TlsGetValue
FormatMessageA
GetFullPathNameW
EncodePointer
OutputDebugStringA
InterlockedPushEntrySList
SetLastError
PeekNamedPipe
DeviceIoControl
ReadConsoleInputA
CopyFileW
ReadFile
LoadResource
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
LoadLibraryA
VerSetConditionMask
GetPriorityClass
GetCurrentDirectoryW
SetConsoleCtrlHandler
GetUserDefaultLCID
FindClose
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
DeleteTimerQueueTimer
FlushInstructionCache
RegisterWaitForSingleObject
CreateThread
MoveFileExW
InterlockedFlushSList
DeleteCriticalSection
GetExitCodeThread
CreateSemaphoreW
CreateMutexW
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
GlobalMemoryStatus
SetUnhandledExceptionFilter
InterlockedDecrement
GetModuleHandleExW
GlobalAlloc
GetDiskFreeSpaceExW
CreateEventW
ReadConsoleW
GetVersion
LeaveCriticalSection
SleepEx
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetWindowsDirectoryW
ChangeTimerQueueTimer
OpenProcess
GetModuleHandleW
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
QueryDepthSList
CompareStringW
GetModuleFileNameW
GetFileInformationByHandle
FindNextFileW
GetCurrentThreadId
CreateTimerQueueTimer
Thread32Next
IsValidLocale
lstrcmpW
FindFirstFileExW
ExpandEnvironmentStringsA
SetEvent
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
GetEnvironmentVariableW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
FlushConsoleInputBuffer
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
UnregisterWaitEx
GetTimeFormatW
GetEnvironmentStringsW
GlobalUnlock
QueryPerformanceFrequency
GetUserGeoID
lstrlenW
Process32NextW
VirtualFree
WaitForSingleObjectEx
Module32FirstW
FileTimeToLocalFileTime
SizeofResource
UnregisterWait
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
SetThreadAffinityMask
Process32FirstW
GetCurrentThread
SetConsoleTitleW
RaiseException
ReleaseSemaphore
TlsFree
GetModuleHandleA
Module32NextW
CloseHandle
OpenMutexW
GetACP
GlobalLock
GetGeoInfoW
FreeResource
SwitchToThread
GetFileAttributesExW
SetThreadUILanguage
GetLogicalProcessorInformation
GetNumaHighestNodeNumber
IsValidCodePage
SetConsoleMode
FindResourceExW
VirtualQuery
CreateProcessW
WaitForMultipleObjects
Sleep
TerminateProcess
SetThreadPriority
VirtualAlloc
VarUI4FromStr
VarBstrCat
SysStringLen
LoadRegTypeLib
SysAllocStringLen
OleCreateFontIndirect
VariantClear
SysAllocString
DispCallFunc
LoadTypeLib
SysFreeString
VariantInit
SHCreateDirectoryExW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
CommandLineToArgvW
PathIsNetworkPathW
PathIsRootW
SHDeleteKeyW
PathGetDriveNumberW
PathIsFileSpecW
PathFindFileNameW
PathFileExistsW
PathIsUNCW
PathAppendW
PathBuildRootW
StrFormatByteSizeW
PathSkipRootW
UrlCreateFromPathW
PathStripToRootW
PathRemoveBlanksW
PathCombineW
PathRemoveBackslashW
MapWindowPoints
RedrawWindow
DestroyWindow
SetWindowPos
IsWindow
EndPaint
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
SendMessageW
UnregisterClassW
GetClientRect
CreateAcceleratorTableW
GetActiveWindow
GetWindowTextW
GetWindowTextLengthW
InvalidateRgn
PtInRect
DrawEdge
GetUserObjectInformationW
GetClassInfoExW
UpdateWindow
ShowWindow
EnableWindow
GetSystemMenu
IsWindowEnabled
GetWindow
EnableMenuItem
DrawFocusRect
SetTimer
IsDialogMessageW
FillRect
SetWindowContextHelpId
CreateWindowExW
GetWindowLongW
CharNextW
IsChild
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
BeginPaint
DefWindowProcW
KillTimer
TrackMouseEvent
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
SendDlgItemMessageW
GetProcessWindowStation
CheckDlgButton
CreateDialogParamW
SetWindowTextW
GetDlgItem
ClientToScreen
PostMessageW
DialogBoxIndirectParamW
IsDlgButtonChecked
DestroyAcceleratorTable
GetDesktopWindow
LoadCursorW
LoadIconW
SetForegroundWindow
ExitWindowsEx
ReleaseDC
EndDialog
CopyRect
GetCapture
ScreenToClient
MessageBoxW
GetMenu
RegisterClassExW
MoveWindow
DialogBoxParamW
AdjustWindowRectEx
GetSysColor
SetDlgItemTextW
GetKeyState
IsWindowVisible
SystemParametersInfoW
MonitorFromWindow
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
GetFocus
wsprintfW
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
InternetCheckConnectionW
InternetCanonicalizeUrlW
InternetGetConnectedState
DeleteUrlCacheEntryW
WinVerifyTrust
accept
ioctlsocket
WSAStartup
connect
getsockname
htons
WSASetLastError
WSAGetLastError
gethostname
getsockopt
closesocket
send
ntohs
select
listen
__WSAFDIsSet
WSACleanup
gethostbyname
getpeername
recv
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePaletteSize
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
GdipGetImagePixelFormat
GdipDrawImageI
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromStream
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CoInitialize
CoTaskMemAlloc
CoGetClassObject
CoTaskMemRealloc
CoCreateInstance
OleUninitialize
CoUninitialize
CoTaskMemFree
CLSIDFromString
StringFromGUID2
OleInitialize
CoInternetSetFeatureEnabled
Number of PE resources by type
RT_STRING 133
RT_DIALOG 27
RT_ICON 4
Struct(240) 3
RT_HTML 2
XML 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 45
GERMAN 16
FRENCH 13
PORTUGUESE BRAZILIAN 13
RUSSIAN 13
CHINESE TRADITIONAL 12
JAPANESE DEFAULT 12
CHINESE SIMPLIFIED 12
SPANISH MODERN 12
KOREAN 12
ITALIAN 12
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
652800

ImageVersion
0.0

ProductName
DivX Setup

FileVersionNumber
3.0.0.224

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
DivX Setup

CharacterSet
Unicode

LinkerVersion
12.0

FileTypeExtension
exe

OriginalFileName
DivXSetup.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3.0.0.224

TimeStamp
2017:02:10 03:52:58+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WRX

ProductVersion
3.0.0.224

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

LegalCopyright
2017 DivX, LLC.

MachineType
Intel 386 or later, and compatibles

CompanyName
DivX, LLC

CodeSize
1774080

FileSubtype
0

ProductVersionNumber
3.0.0.224

EntryPoint
0xd276f

ObjectFileType
Unknown

CarbonBlack
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files write this sample to disk.
While monitoring an end-user machine in the wild, CarbonBlack observed this sample write the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 6d4006c7edf1588a7b5ee8138d9436ab
SHA1 1b30678b8eabf6d84be432e98e6577441fd0e356
SHA256 308f35425aa93df16574468814b813bf094b40fe48bcab5112368d55fe9feae2
ssdeep
49152:pRBWuLEeV0rzi6ue+Xv/VtB3UIVlfk6nmchBnTu4CShfZV:82EeV0rmhe+X3VtBEIV9HzV

authentihash 55e06b398a1e6c9f0768d65451a368a74c0bdfb72379d0c0a070338cd6d12488
imphash b463605bda7ffd5c8371d9ad2a20de5b
File size 2.3 MB ( 2433992 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe overlay signed via-tor

VirusTotal metadata
First submission 2017-03-15 07:21:37 UTC ( 1 year, 3 months ago )
Last submission 2018-06-13 21:52:28 UTC ( 1 week, 3 days ago )
File names DivXInstaller_10.8.exe
DivXInstaller86.exe
dxaA39.tmp
divx-1082.exe
divxinstaller.exe
divx373installer(1).exe
DivXInstaller_v10.7.3.exe
DivXInstaller (1).exe
dxaCDCC.tmp
dxaA762.tmp
divxinstaller.exe
DivXInstaller.exe
DivXInstaller_2.exe
DivX Player.exe
DivXInstaller.exe
dxa1368.tmp
DivXInstaller(1).exe
dxa595E.tmp
DivXSetup.exe
(scanned by xetcom.com).divx.setup.exe
sample.exe
DivXInstaller.exe
output.31611071.txt
991761
divxinstaller[1].exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications