× Cookies er deaktiveret! Denne side kræver cookies for at fungere korrekt
SHA256: 971c9559f267ecd9c921a12e1ae9135035bf6d6abcbf146164136120b49f7710
Filnavn: SilentSwitchFinder-x86.exe
Opdagelses forhold: 0 / 56
Undersøgelses dato: 2015-10-06 22:15:37 UTC ( 3 år, 6 månederiden ) Se seneste
Antivirus Resultat Opdatere
Ad-Aware 20151006
AegisLab 20151006
Yandex 20151004
AhnLab-V3 20151006
Alibaba 20150927
ALYac 20151006
Antiy-AVL 20151006
Arcabit 20151006
Avast 20151006
AVG 20151006
Avira (no cloud) 20151006
AVware 20151006
Baidu-International 20151006
BitDefender 20151006
Bkav 20151006
ByteHero 20151006
CAT-QuickHeal 20151006
ClamAV 20151006
CMC 20151005
Comodo 20151006
Cyren 20151006
DrWeb 20151006
Emsisoft 20151006
ESET-NOD32 20151006
F-Prot 20151006
F-Secure 20151006
Fortinet 20151006
GData 20151006
Ikarus 20151006
Jiangmin 20151005
K7AntiVirus 20151006
K7GW 20151006
Kaspersky 20151006
Kingsoft 20151006
Malwarebytes 20151006
McAfee 20151006
McAfee-GW-Edition 20151006
Microsoft 20151006
eScan 20151006
NANO-Antivirus 20151006
nProtect 20151006
Panda 20151006
Qihoo-360 20151006
Rising 20151006
Sophos AV 20151006
SUPERAntiSpyware 20151006
Symantec 20151006
Tencent 20151006
TheHacker 20151006
TrendMicro 20151006
TrendMicro-HouseCall 20151006
VBA32 20151006
VIPRE 20151006
ViRobot 20151006
Zillya 20151006
Zoner 20151006
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 2007-2014 J.Malmgren - www.tryware.d

Product DeployMaster
Internal name Setup
File version 1.2.0.1
Description SilentSwitchFinder
Comments This installation package is built with Just Great Software DeployMaster. Please visit http://www.DeployMaster.com for more information.
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-08 05:25:01
Entry Point 0x000080BC
Number of sections 8
PE sections
Overlays
MD5 6ec10e3f12ee4d159f69520f993cdccd
File type data
Offset 49152
Size 5059888
Entropy 8.00
PE imports
RegOpenKeyExA
FreeSid
RegQueryValueExA
RegCloseKey
AllocateAndInitializeSid
GetStdHandle
WaitForSingleObject
FreeLibrary
ExitProcess
GetVersionExA
GetModuleFileNameA
RtlUnwind
GetStartupInfoA
LocalAlloc
DeleteFileA
UnhandledExceptionFilter
MultiByteToWideChar
GetCommandLineA
GetProcAddress
SetFilePointer
GetTempPathA
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
GetCurrentProcess
FindFirstFileA
GetACP
CreateProcessA
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
TlsSetValue
CreateFileA
GetCurrentThreadId
VirtualAlloc
GetFileSize
CloseHandle
SysReAllocStringLen
SysFreeString
SysAllocStringLen
ShellExecuteExA
MessageBoxA
GetKeyboardType
CharNextA
DestroyWindow
Number of PE resources by type
RT_ICON 5
RT_RCDATA 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation package is built with Just Great Software DeployMaster. Please visit http://www.DeployMaster.com for more information.

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
SilentSwitchFinder

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
20480

EntryPoint
0x80bc

MIMEType
application/octet-stream

LegalCopyright
2007-2014 J.Malmgren - www.tryware.d

FileVersion
1.2.0.1

TimeStamp
2013:08:08 07:25:01+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup

ProductVersion
1.2.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
TrywareDk

CodeSize
27648

ProductName
DeployMaster

ProductVersionNumber
1.2.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 5d494309f63ff7f32096311b38696c2d
SHA1 dd44d6585eba864d85c11dfba4ee9d1254ded50e
SHA256 971c9559f267ecd9c921a12e1ae9135035bf6d6abcbf146164136120b49f7710
ssdeep
98304:pXL8zhob26ZiTpIK4wwJR2EeGmW1fSr7WkztRp9cESHmgu32RR0:qtob2tpIKVwPe/SESGJ3yC

authentihash 7a72320226275fa1daca1a93eb893e9bdfb3427491b18fcf27f4d40382ad57b4
imphash a8a131e17abf50f28b49a7b35aff709f
File size 4.9 MB ( 5109040 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows screen saver (40.5%)
Win32 Dynamic Link Library (generic) (20.3%)
Win32 Executable (generic) (13.9%)
Win16/32 Executable Delphi generic (6.4%)
OS/2 Executable (generic) (6.2%)
Tags
bobsoft peexe overlay

VirusTotal metadata
First submission 2015-10-06 22:15:37 UTC ( 3 år, 6 månederiden )
Last submission 2018-09-21 03:35:42 UTC ( 7 månederiden )
Filnavne Setup
971C9559F267ECD9C921A12E1AE9135035BF6D6ABCBF146164136120B49F7710
SilentSwitchFinder-x86.exe
Ingen kommentarer. Ingen af VirusTotal's medlemmer har kommenteret denne enhed, bliv den første til at gøre dette.

Efterlad din kommentar...

?
Send kommentar

Du er ikke logget ind. Kun registrerede brugere kan skrive kommentarer, log ind!

Ingen stemmer. Ingen har bedømt denne enhed endnu, bliv den første der gør det!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs