SHA256: 2d3deca85683e8978d5a29b8ec86615f0788719a6275e8867aa7827485279655
File name: XonarSwitch.exe
Detection ratio: 0 / 56
Analysis date: 2015-09-10 08:17:11 UTC (1 year, 8 months ago)
Antivirus Result Update
Ad-Aware 20150910
AegisLab 20150910
Yandex 20150909
AhnLab-V3 20150910
Alibaba 20150902
ALYac 20150910
Antiy-AVL 20150910
Arcabit 20150910
Avast 20150910
AVG 20150910
Avira (no cloud) 20150910
AVware 20150910
Baidu-International 20150910
BitDefender 20150910
Bkav 20150909
ByteHero 20150910
CAT-QuickHeal 20150910
ClamAV 20150910
CMC 20150908
Comodo 20150910
Cyren 20150910
DrWeb 20150910
Emsisoft 20150910
ESET-NOD32 20150910
F-Prot 20150910
F-Secure 20150910
Fortinet 20150910
GData 20150910
Ikarus 20150910
Jiangmin 20150909
K7AntiVirus 20150910
K7GW 20150910
Kaspersky 20150910
Kingsoft 20150910
Malwarebytes 20150910
McAfee 20150910
McAfee-GW-Edition 20150910
Microsoft 20150910
eScan 20150910
NANO-Antivirus 20150910
nProtect 20150909
Panda 20150910
Qihoo-360 20150910
Rising 20150909
Sophos 20150910
SUPERAntiSpyware 20150910
Symantec 20150909
Tencent 20150910
TheHacker 20150910
TrendMicro 20150910
TrendMicro-HouseCall 20150910
VBA32 20150909
VIPRE 20150909
ViRobot 20150910
Zillya 20150909
Zoner 20150910
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Giulio Sosio
Product XonarSwitch
Original name XonarSwitch.exe
Internal name XonarSwitch
File version 0.09.0661
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-09 16:16:56
Entry Point 0x00007F8C
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_ICON 67
RT_GROUP_ICON 19
PNG 5
RT_MANIFEST 1
HTML 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 89
NEUTRAL 4
ITALIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 286720
ImageVersion 0.9
ProductName XonarSwitch
FileVersionNumber 0.9.0.661
LanguageCode Italian
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName XonarSwitch.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 0.09.0661
TimeStamp 2015:09:09 17:16:56+01:00
FileType Win32 EXE
PEType PE32
InternalName XonarSwitch
ProductVersion 0.09.0661
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Giulio Sosio
MachineType Intel 386 or later, and compatibles
CompanyName Giulio Sosio
CodeSize 1200128
FileSubtype 0
ProductVersionNumber 0.9.0.661
EntryPoint 0x7f8c
ObjectFileType Executable application
Compressed bundles
File identification
MD5 fd547142c52537113da4d19c2b07d40c
SHA1 907a8eb78e9b597902fc9b0dd452c512a69ea0b5
SHA256 2d3deca85683e8978d5a29b8ec86615f0788719a6275e8867aa7827485279655
ssdeep 24576:0L3Zu0bTuYJ1rLkC0eEuV6AIOWoelpoR2NhOCU/fzFlJ8vKLLS+0cVpHX7v6y5BY:b8uYJ5kC0eEuV6AIOWoelpoR0h/U/fRA
authentihash 234fe0bb8ec2e274719d6013d36f0b830de8414f5c3a2036147bd11ca999fe18
imphash 232dd4aea7f637b26a63a4e1d075f922
File size 1.4 MB ( 1449984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (54.9%)
Win32 Executable MS Visual C++ (generic) (20.8%)
Win64 Executable (generic) (18.4%)
Win32 Executable (generic) (3.0%)
Generic Win/DOS Executable (1.3%)
Tags peexe
VirusTotal metadata
First submission 2015-09-10 08:17:11 UTC ( 1 year, 8 months ago )
Last submission 2017-05-04 13:10:10 UTC ( 3 weeks, 2 days ago )
File names XonarSwitch
XonarSwitch.exe
xonarswitch.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections