videoplugin_win7_.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 49.00 KB (50176 bytes)
Compile time: 2016-08-16 12:00:26
MD5: 6b65c98e45e7bc9086ccf02e04379e4a
SHA1: f8c86d81813265a1ac99397136b779db146c28fe
SHA256: 9776c30b3da247119ea6d9eb6b2da03c9087f2ea53a6fa9fcd9bebd6f18c8288
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections: 3 (.text, .rsrc, .reloc)
Directories: 3 (import, resource, relocation)
First submission: 2016-09-20 20:45:02
Last submission: 2016-09-20 20:45:02
Filename detected: - videoplugin_win7_.exe (1)
URL file hosting
hXXp://rdovicia.hookresearch.ru/videoplugin_win7_.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2016-09-20 18:25:07 [21/57] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0xb494 46592 889badad92a83874c2233e1674184b69 1e1bdede38d650f024c2c89277694c239fa2537f
.rsrc 0xe000 0x810 2560 fcafbf6b974057bc51a7e6741f2f449d cd3d8bd0b9dd02c02ec5a4a09da805ff2572be3c
.reloc 0x10000 0xc 512 f70a3d896415c9615306613cbe6183de ab579b48a0873870254bc18e280c3d04609f764a
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0xe090 1206 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0xe558 691 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © VideoPlugin Services 2016
Assembly Version: 1.350.1633.1
InternalName: VideoPlugin.UpdateService.Installer.exe
FileVersion: 1.350.1633.1
CompanyName: VideoPlugin Services
LegalTrademarks: VideoPlugin
Comments: VideoPlugin UpdateService Installer
ProductName: VideoPlugin.UpdateService.Installer
ProductVersion: 1.350.1633.1
FileDescription: VideoPlugin UpdateService Installer
Translation: 0x0000 0x04b0
OriginalFilename: VideoPlugin.UpdateService.Installer.exe
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: XML
/config.xml
{0}/{1}/{2}/config.xml
{0}/{1}/config.xml
File type: Library
mscoree.dll
File type: Web Page
http://cob0wu5h1s38zsc.org/api/upr7/test.php
http://cob0wu5h1s38zsc.org:8080/api/upr7/post.php
IP Found
No IP detected
URL(s)
http://ttgzcb-files3.com:8080/get-assets/
http://cob0wu5h1s38zsc.org:8080/api/upr7/post.php
http://cob0wu5h1s38zsc.org/api/upr7/test.php
http://adspbo-files3.com:8080/get-assets/
http://www.google.com
http://piisbo-files3.com:8080/get-assets/

#infosec #automation

TheSystem Itself @ 2016-09-20 20:45:02