VidElement[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

VidElement.exe
Size

442KB
MD5

a41541ac82f2a31ec692164239f0f750
SHA1

e6f13223f318bba29ecdb80fbf79b17ea4311560
SHA256

0e6ab797cb124752de4cc3875143eafc2edc1e2c8d09c4f04b71e53cf5f9d541
SHA512

1ae57bf3f348e21d0c2210d9ea6c7644403551d1d505e6b0e2e3d405e0b759108a203b67825f6c859d98ff7a37105f9b2cc03bcc9c4fef86c017ad03584a428a
SSDEEP

3072:PRBsOgBchI8dVVeXKff77tHXScP76ZyDEc:UOgBchX3/jfEc

Score

1^/10

Malware Config

Signatures

Files

VidElement.exe
.exe windows:5 windows x64 arch:x64

6fbdf61009bf628919b6454406cfe5dd

Code Sign

b8:9e:82:66:35:04:53:8f:c3:65:38:a1:49:c5:f5:bd
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/05/2021, 00:00

Not After

04/05/2024, 23:59

Subject

SERIALNUMBER=09603368,CN=Ace Thinker Limited,O=Ace Thinker Limited,L=London,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

04/10/2022, 17:21

Not After

01/01/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

00:6d:5b:71:aa:c1:a4:1d:9e:21:67:3a:03:dd:e0:d1:0e:92:6f:dd:9c:b1:a7:7a:04:42:fd:6e:e3:24:81:bc
Signer

Actual PE Digest

00:6d:5b:71:aa:c1:a4:1d:9e:21:67:3a:03:dd:e0:d1:0e:92:6f:dd:9c:b1:a7:7a:04:42:fd:6e:e3:24:81:bc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\pack\src\30\code.oa.com_8443\svn\video-converter\branches\hotfix\v3.5.109@17386\bin\release\Tools\Loader\Loader.pdb

Imports

qt5widgets

?event@QApplication@@MEAA_NPEAVQEvent@@@Z
??0QApplication@@QEAA@AEAHPEAPEADH@Z
?notify@QApplication@@UEAA_NPEAVQObject@@PEAVQEvent@@@Z
?compressEvent@QApplication@@MEAA_NPEAVQEvent@@PEAVQObject@@PEAVQPostEventList@@@Z
?qt_metacast@QApplication@@UEAAPEAXPEBD@Z
?qt_metacall@QApplication@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?metaObject@QApplication@@UEBAPEBUQMetaObject@@XZ
??1QApplication@@UEAA@XZ

qt5core

?permissions@QFile@@UEBA?AV?$QFlags@W4Permission@QFileDevice@@@@XZ
?pos@QFileDevice@@UEBA_JXZ
?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?qt_metacast@QFile@@UEAAPEAXPEBD@Z
?readData@QFileDevice@@MEAA_JPEAD_J@Z
?readLineData@QFileDevice@@MEAA_JPEAD_J@Z
?reset@QIODevice@@UEAA_NXZ
?resize@QFile@@UEAA_N_J@Z
?seek@QFileDevice@@UEAA_N_J@Z
?setPermissions@QFile@@UEAA_NV?$QFlags@W4Permission@QFileDevice@@@@@Z
?size@QFile@@UEBA_JXZ
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?waitForBytesWritten@QIODevice@@UEAA_NH@Z
?waitForReadyRead@QIODevice@@UEAA_NH@Z
?writeData@QFileDevice@@MEAA_JPEBD_J@Z
?shared_null@QListData@@2UData@1@B
?metaObject@QFile@@UEBAPEBUQMetaObject@@XZ
?isSequential@QFileDevice@@UEBA_NXZ
?fileName@QFile@@UEBA?AVQString@@XZ
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?close@QFileDevice@@UEAAXXZ
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?canReadLine@QIODevice@@UEBA_NXZ
?bytesToWrite@QIODevice@@UEBA_JXZ
?bytesAvailable@QIODevice@@UEBA_JXZ
?atEnd@QFileDevice@@UEBA_NXZ
?currentTime@QTime@@SA?AV1@XZ
?toString@QTime@@QEBA?AVQString@@AEBV2@@Z
?exists@QDir@@QEBA_NAEBVQString@@@Z
??1QDir@@QEAA@XZ
??0QDir@@QEAA@AEBVQString@@@Z
??1QFile@@UEAA@XZ
??0QFile@@QEAA@AEBVQString@@@Z
?flush@QFileDevice@@QEAA_NXZ
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
??1QDebug@@QEAA@XZ
?startDetached@QProcess@@SA_NAEBVQString@@AEBVQStringList@@@Z
?write@QIODevice@@QEAA_JAEBVQByteArray@@@Z
?write@QIODevice@@QEAA_JPEBD@Z
?setFileName@QLibrary@@QEAAXAEBVQString@@@Z
?isLoaded@QLibrary@@QEBA_NXZ
?load@QLibrary@@QEAA_NXZ
?resolve@QLibrary@@QEAAP6AXXZPEBD@Z
??1QLibrary@@UEAA@XZ
??0QLibrary@@QEAA@PEAVQObject@@@Z
?applicationFilePath@QCoreApplication@@SA?AVQString@@XZ
?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ
?append@QListData@@QEAAPEAPEAXXZ
?dispose@QListData@@SAXPEAUData@1@@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z
?fromUtf8@QString@@SA?AV1@PEBDH@Z
?toUtf8@QString@@QEBA?AVQByteArray@@XZ
?append@QString@@QEAAAEAV1@AEBV1@@Z
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z
??1QString@@QEAA@XZ
??0QString@@QEAA@AEBV0@@Z
??0QString@@QEAA@XZ
??1QByteArray@@QEAA@XZ
??0QChar@@QEAA@UQLatin1Char@@@Z
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ
??0QMessageLogger@@QEAA@PEBDH0@Z
?qt_metacall@QFile@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

kernel32

GetProcAddress
WideCharToMultiByte
LocalFree
GetCommandLineW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
LoadLibraryW
GetModuleFileNameW
Sleep

msvcp120

?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

msvcr120

__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
_initterm
__C_specific_handler
__dllonexit
_calloc_crt
exit
_lock
memcpy
__CxxFrameHandler3
_CxxThrowException
wcsncpy
memmove
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_purecall
_exit
_cexit
_ismbblead
_configthreadlocale
__setusermatherr
_unlock
_initterm_e
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_acmdln
_fmode
_commode
__crtSetUnhandledExceptionFilter
_onexit
??_V@YAXPEAX@Z

shell32

CommandLineToArgvW

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fbdf61009bf628919b6454406cfe5dd

Code Sign

b8:9e:82:66:35:04:53:8f:c3:65:38:a1:49:c5:f5:bdCertificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1fCertificate

Extended Key Usages

Key Usages

00:6d:5b:71:aa:c1:a4:1d:9e:21:67:3a:03:dd:e0:d1:0e:92:6f:dd:9c:b1:a7:7a:04:42:fd:6e:e3:24:81:bcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5widgets

qt5core

kernel32

msvcp120

msvcr120

shell32

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 864B

.rsrc Size: 408KB - Virtual size: 408KB

.reloc Size: 512B - Virtual size: 220B

b8:9e:82:66:35:04:53:8f:c3:65:38:a1:49:c5:f5:bd
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

00:6d:5b:71:aa:c1:a4:1d:9e:21:67:3a:03:dd:e0:d1:0e:92:6f:dd:9c:b1:a7:7a:04:42:fd:6e:e3:24:81:bc
Signer

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 864B

.rsrc
Size: 408KB - Virtual size: 408KB

.reloc
Size: 512B - Virtual size: 220B