× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 94401c6d160697f94df329bb1f3eaa789c9204b2f452d1dd112189ae561c357c
File name: video-editor_setup_full846.exe
Detection ratio: 0 / 61
Analysis date: 2017-06-02 18:41:09 UTC ( 1 year, 5 months ago ) View latest
Antivirus Result Update
Ad-Aware 20170602
AegisLab 20170602
AhnLab-V3 20170602
Alibaba 20170602
ALYac 20170602
Antiy-AVL 20170602
Arcabit 20170602
Avast 20170602
AVG 20170602
Avira (no cloud) 20170602
AVware 20170602
Baidu 20170601
BitDefender 20170602
Bkav 20170602
CAT-QuickHeal 20170602
ClamAV 20170602
CMC 20170602
Comodo 20170602
CrowdStrike Falcon (ML) 20170420
Cyren 20170602
DrWeb 20170602
Emsisoft 20170602
Endgame 20170515
ESET-NOD32 20170602
F-Prot 20170602
F-Secure 20170602
Fortinet 20170602
GData 20170602
Ikarus 20170602
Sophos ML 20170519
Jiangmin 20170602
K7AntiVirus 20170602
K7GW 20170602
Kaspersky 20170602
Kingsoft 20170602
Malwarebytes 20170602
McAfee 20170602
McAfee-GW-Edition 20170602
Microsoft 20170602
eScan 20170602
NANO-Antivirus 20170602
nProtect 20170602
Palo Alto Networks (Known Signatures) 20170602
Panda 20170602
Qihoo-360 20170602
Rising 20170602
SentinelOne (Static ML) 20170516
Sophos AV 20170602
SUPERAntiSpyware 20170602
Symantec 20170602
Symantec Mobile Insight 20170601
Tencent 20170602
TheHacker 20170602
TotalDefense 20170602
TrendMicro-HouseCall 20170602
Trustlook 20170602
VBA32 20170602
VIPRE 20170602
ViRobot 20170602
Webroot 20170602
WhiteArmor 20170601
Yandex 20170602
Zillya 20170602
ZoneAlarm by Check Point 20170602
Zoner 20170602
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2015 Wondershare Corporation

Product Filmora
File version 1.2.1.1
Description filmora_setup_full846.exe
Signature verification Signed file, verified signature
Signing date 3:39 AM 5/5/2015
Signers
[+] Shenzhen Wondershare Information Technology Co., Ltd.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 7/26/2013
Valid to 12:59 AM 9/25/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9523B0C3C67D84DE20B507984B8AB6771187B048
Serial number 52 09 CE 41 1D C7 80 94 7A C0 E4 E9 E3 B9 5D 44
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 2/3/2015
Valid to 1:00 AM 3/3/2026
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint B36308B4D4CDED4FCFBD66B955FAE3BFB12C29E6
Serial number 11 21 06 A0 81 D3 3F D8 7A E5 82 4C C1 6B 52 09 4E 03
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbrint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbrint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-30 02:41:41
Entry Point 0x0005070D
Number of sections 5
PE sections
Overlays
MD5 d02dcc0d053e56fc711ce86364fcc365
File type data
Offset 960000
Size 6728
Entropy 7.35
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
FreeSid
RegEnumKeyExW
RegOpenKeyExW
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
Ord(17)
_TrackMouseEvent
GetCharABCWidthsW
GetTextMetricsW
TextOutW
CreateFontIndirectW
SetStretchBltMode
CreatePen
SaveDC
CreateRectRgnIndirect
CombineRgn
GetClipBox
Rectangle
GetObjectA
LineTo
DeleteDC
RestoreDC
SetBkMode
SetWindowOrgEx
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
GetDeviceCaps
ExtTextOutW
MoveToEx
GetStockObject
ExtSelectClipRgn
CreateRoundRectRgn
SelectClipRgn
RoundRect
StretchBlt
CreateCompatibleDC
DeleteObject
CreateSolidBrush
SelectObject
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
CreatePenIndirect
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
DuplicateHandle
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
GetTempPathW
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
LoadResource
TlsGetValue
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesA
GetSystemDefaultLCID
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
CreateSemaphoreW
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
SystemTimeToFileTime
GetFileSize
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
CompareStringW
WriteFile
GetFileSizeEx
CompareStringA
IsValidLocale
lstrcmpW
GetUserDefaultLCID
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
lstrlenA
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
SizeofResource
IsValidCodePage
HeapCreate
FindResourceExW
VirtualFree
Sleep
VirtualAlloc
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteW
Ord(165)
SHGetSpecialFolderLocation
ShellExecuteExW
SHFileOperationW
SHGetMalloc
MapWindowPoints
SetWindowRgn
PostQuitMessage
SetWindowPos
IsWindow
EndPaint
SetActiveWindow
DispatchMessageW
GetCursorPos
ReleaseDC
SendMessageW
GetClientRect
DefWindowProcW
DrawTextW
LoadImageW
ClientToScreen
GetWindowTextW
GetWindowTextLengthW
InvalidateRgn
PtInRect
GetClassInfoExW
GetPropW
CreateCaret
GetMessageW
ShowWindow
SetPropW
EnableWindow
TranslateMessage
GetWindow
RegisterClassW
IsZoomed
IsIconic
SetTimer
FillRect
CreateAcceleratorTableW
CreateWindowExW
GetWindowLongW
GetUpdateRect
DestroyWindow
SetFocus
GetMonitorInfoW
BeginPaint
OffsetRect
SetCaretPos
KillTimer
CharPrevW
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
PostMessageW
CreatePopupMenu
ShowCaret
GetLastActivePopup
SetWindowTextW
BringWindowToTop
ScreenToClient
TrackPopupMenu
LoadCursorW
LoadIconW
FindWindowExW
GetDC
SetForegroundWindow
IntersectRect
HideCaret
FindWindowW
wvsprintfW
MessageBoxW
GetMenu
RegisterClassExW
MoveWindow
AppendMenuW
AdjustWindowRectEx
GetSysColor
GetKeyState
MonitorFromWindow
SetRect
InvalidateRect
CharNextW
CallWindowProcW
IsRectEmpty
GetFocus
wsprintfW
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
socket
closesocket
inet_addr
send
ioctlsocket
WSAStartup
gethostbyname
WSAGetLastError
connect
WSACleanup
inet_ntoa
htons
recv
select
GdipCloneBrush
GdipCreateFontFromDC
GdiplusShutdown
GdipCreateFromHDC
GdipCreateFontFromLogfontA
GdipFree
GdipDrawString
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipDeleteStringFormat
GdipAlloc
GdiplusStartup
GdipDeleteBrush
GdipCreateLineBrushI
GdipSetStringFormatLineAlign
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDeleteFont
OleLockRunning
CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
Number of PE resources by type
RT_ICON 8
PNG 4
XML 3
RT_VERSION 2
RT_GROUP_ICON 2
EXE 1
RT_MANIFEST 1
ZIPRES 1
Number of PE resources by language
NEUTRAL 12
CHINESE SIMPLIFIED 9
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
498688

ImageVersion
0.0

ProductName
Filmora

FileVersionNumber
1.2.1.1

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x0017

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.2.1.1

TimeStamp
2015:03:30 03:41:41+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
6.0.2

FileDescription
filmora_setup_full846.exe

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright 2015 Wondershare Corporation

MachineType
Intel 386 or later, and compatibles

CodeSize
460288

FileSubtype
0

ProductVersionNumber
1.2.1.1

Warning
Possibly corrupt Version resource

EntryPoint
0x5070d

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 1dfbf2e4ac7f9fec86fff13a2e35b9bf
SHA1 a8475efbd854be52b27099ae10d895e70f04eca7
SHA256 94401c6d160697f94df329bb1f3eaa789c9204b2f452d1dd112189ae561c357c
ssdeep
24576:WZF+VJiWZenEwqdnSH8iSbDc9OGB1H8YaS+pIWkIkWgsQUFvn+gazmw:WCkoiSk9v+pITygtUN+Hzmw

authentihash fe0a128f90933293024e9ec1c9bdf0cd1b6b4ee31312e6f8752f253eb2758c5a
imphash 821328d236f0186b594b8d5b9bb62869
File size 944.1 KB ( 966728 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows ActiveX control (60.5%)
Win32 Executable MS Visual C++ (generic) (16.2%)
Win64 Executable (generic) (14.3%)
Win32 Dynamic Link Library (generic) (3.4%)
Win32 Executable (generic) (2.3%)
Tags
peexe overlay signed via-tor

VirusTotal metadata
First submission 2015-05-05 12:57:05 UTC ( 3 years, 6 months ago )
Last submission 2018-07-23 18:12:00 UTC ( 3 months, 4 weeks ago )
File names 665799
filmora_setup_full846 (1).exe
wondershare-video-editor.exe
filmora_setup_full846-.exe
filmora_setup_full846.exe
1d89.tmp
filmora_setup_full846.exe
filmora_setup_full846[1].exe
filmora_setup_full846 (2).exe
filmora_setup_full846.exe
filmora_setup_full846.exe.pyc377g.partial
filename
1dfbf2e4ac7f9fec86fff13a2e35b9bf.exe
filmora_setup_full846-Video Editor is an ideal VirtualDub alternative.exe
unconfirmed 338370.crdownload
filmora_setup_full846.exe.3lye6j8.partial
94401c6d160697f94df329bb1f3eaa789c9204b2f452d1dd112189ae561c357c
filmora_setup_full846(1).exe
lmtCzQ.exe
f_0018b2
Wondershare Filmora.exe
video-editor_setup_full846.exe
filmora_setup_full846.exe
1DFBF2E4AC7F9FEC86FFF13A2E35B9BF
Filmora%20Video%20Editor%207.0.0.9%20Online%20Setup.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications