avd-host.exe

MD5 Hash: ed580d8e928070520bb04ae1e4f0844f
SHA256 Hash: ee30eb2076874d3f5cb79fe4e6d66eff79df49a32f0e49fc421465a203b8d72c
File size: 483840 bytes (473 KB.)
Last analysis: 01 Dec, 2018 17:46:35

Analysis MD5: ed580d8e928070520bb04ae1e4f0844f

Analysis of the file classifies it as a class A (Safe). The file is safe to use. The trust index of this analysis is 98 % (very high).

A
B
C
D+
D
D-
E+
E
E-
F

Description

avd-host.exe is part of Ant Video downloader.

Filename: avd-host.exe (Ant Video downloader)
Threat analysis: Safe
Analysis trust:
98%
Recent activity:
First seen: 28 Oct, 2018
Last seen: 26 Oct, 2019
Last analysis: 01 Dec, 2018
Possible infection: Clean

avd-host.exe Ant Video downloader

Application: Ant Video downloader
Developer: Unknown
Stability:
75%
File version: 0.1.0.0
File size: 483840 bytes (473 KB.)
Recent activity:
Historic activity:
CRC32 hash: 84645f92
MD5 hash: ed580d8e928070520bb04ae1e4f0844f
SHA1 hash: da59540ef0a1c4f6d452487b9fef8644816fbdf9
SHA256 hash: ee30eb2076874d3f5cb79fe4e6d66eff79df49a32f0e49fc421465a203b8d72c
B

Signature verification

Unsigned

This file has no digital signature. The publisher of this file could not be verified.

D+

File entropy

File entropy match: Encrypted

Parts of this file are encrypted. The reasons might be benign but it makes the analysis more difficult.

| 0 b.483840 b. |
Plain Data Text Code Compressed Encrypted Random

File signature

PE32 executable (GUI) Intel 80386

This file can be executed

File header First 32 bytes of this file

4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00

The determination of a file type is done with a signature or magic-numbers. Files are identified using by comparing the first set of bytes in the file header. Using this method type of files are recognised no matter the extension used. This information is useful to for example recognise executable files cloaked as images or movies.


A

Multi malware scan Scan date: 18 Nov, 2018 05:09:47

Individual scanner results (0 %) :

Scanner Engine Result

13.0.311420180814

7.14111820181117

0.100.120181117

1.120181117

7.0-2020181117

4.6.5.14120181117

11.10 build 6820181117

5.47.020181117

310710020180928

A

Malicious code scan

No malicious code found

Agics makes een analysis of the source code of the file. We look for comparisons with known malicious source code. This is a good way to detect new malicious files which are in fact variations of existing, and known malicious files.

Scan results:

0 %
A

Fuzzy hash a.k.a. Context Triggered Piecewise Hashing

SSDEEP

Context Triggered Piecewise Hashing, also called Fuzzy Hashing, can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length. Comparing a fuzzyhash is a good way to detect morphing malware. Malware which include random code in every copy to change its properties. Agics uses ssdeep to make create a fuzzyhash.

SSDEEP: 6144:bAaFX/v2StoCltokARJglykXqJpZOw9u3RfgHNvI/uAOKAOCwBallllllllxlLlG:Mgjoa9BfM2/uQfmJkvH

No match found


A

Online virus scanners

Detection ration:

0 %
A

VirusShare.com

Not available on virusshare.com

VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of live malicious code. Presence of the sample on this site indicates that the file is (Once considered) being malicious.
Website: virusshare.com
B

National Software Reference Library

Not on the nsrl list

The NSRL contains a collection of digital signatures of known, traceable software applications. There are application hash values in the hash set which may be considered malicious, i.e. steganography tools and hacking scripts.
Website: www.nsrl.nist.gov

A

Behaviour

Sandbox behaviour analysis:

The file is executed in a safe environment to track its behaviour. The behaviour analysis can help with detecting new malware which is not recognized by virusscanners yet. However it has a high chance on a false-positive, especially with installers, uninstallers and virusscanners.

Performs some HTTP requests

Generates some ICMP traffic

This executable has a PDB path

Network activity

Connects to safe servers

TCP
Host Port
52.109.120.1849284

52.109.88.3749282

80.239.247.5349287

HTTP
URL Port Method
http://192.168.56.102:2869/upnphost/udhisapi.dll?content=uuid:1dd405e6-a67b-4b0f-ab0c-35afb43b4fc02869GET

http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl80GET

http://192.168.56.102:5357/4dff19b6-1709-46d0-aafe-9721daac55c2/5357POST

http://192.168.56.102:2869/upnphost/udhisapi.dll?content=uuid:12a0d982-bca1-44f5-9022-6e5968185ba62869GET

DNS
Domain Result Record type
crl.microsoft.com80.239.247.53A

Dropped files

File name md5

A

Import hashing

Imphash 63622d052d06b9f235f21b0ae0fdded7

Fingerprinting files can be done in various way. One way is to make a hash of the PE Imports. PE Imports are relative unique and this is a great way to find new variants of existing malware. The chance of false-positives is relative high. The resulting hash is often called an imphash.

0% Match0% Match
B

Statistic analysis

Statistic analysis of the file

Similar to other files with the same name
File is not known for a long time
No certificate
Other files with the same name do not have a certificate as well
This is not a common file
B

Neural network analysis

Analysis: Low risk

A neural network is a type of artificial intelligence. It recognized patterns nog clear for a human viewer. Our neural network is surprisingly accurate in recognizing dangerous files. The value below is the predicted chance the file is malicious.

8%8 %

?

User feedback

Read feedback on this file from other users. Help other users by providing feedback yourself.

You can earn reputation points !

You are currently not logged in. Login, or Create an account

Feedback users:

There has been no user feedback provided yet.
You are not logged in. Only registered users can provide feedback. Login and help other users.

Login Create an account