SHA256: 300861b34a79525b32e8e60d2ab8d1aa95c8c444e36946dd33ccd9c0fcc31baa
File name: SWITCH_E2B.exe
Detection ratio: 0 / 54
Analysis date: 2015-11-05 17:34:14 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware 20151105
AegisLab 20151105
Yandex 20151104
AhnLab-V3 20151105
Alibaba 20151105
ALYac 20151108
Antiy-AVL 20151105
Arcabit 20151105
Avast 20151105
AVG 20151105
Avira (no cloud) 20151105
AVware 20151105
Baidu-International 20151105
BitDefender 20151105
Bkav 20151105
ByteHero 20151105
CAT-QuickHeal 20151105
ClamAV 20151103
CMC 20151102
Comodo 20151105
Cyren 20151105
DrWeb 20151105
Emsisoft 20151105
ESET-NOD32 20151105
F-Prot 20151105
F-Secure 20151105
Fortinet 20151105
GData 20151105
Ikarus 20151105
Jiangmin 20151104
K7AntiVirus 20151105
K7GW 20151105
Kaspersky 20151105
Malwarebytes 20151105
McAfee 20151105
McAfee-GW-Edition 20151105
Microsoft 20151105
eScan 20151105
NANO-Antivirus 20151105
nProtect 20151105
Panda 20151105
Rising 20151104
Sophos 20151105
SUPERAntiSpyware 20151105
Symantec 20151105
Tencent 20151105
TheHacker 20151103
TrendMicro 20151105
TrendMicro-HouseCall 20151105
VBA32 20151105
VIPRE 20151105
ViRobot 20151105
Zillya 20151105
Zoner 20151105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-15 08:00:37
Entry Point 0x00010F4C
Number of sections 4
PE sections
Overlays
MD5 dc72f77a538d78fa5c7580a5897bf568
File type application/zip
Offset 157184
Size 777350
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
InitCommonControlsEx
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
SetFileAttributesW
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TzSpecificLocalTimeToSystemTime
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
WriteFile
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
EnableWindow
CharUpperW
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
OemToCharBuffA
DispatchMessageW
MessageBoxW
PeekMessageW
GetClassNameW
CopyRect
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
RegisterClassExW
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
Number of PE resources by type
RT_STRING 9
RT_DIALOG 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:02:15 09:00:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 114176
LinkerVersion 9.0
EntryPoint 0x10f4c
InitializedDataSize 41984
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 4afb752682bff55a7c46bf599aea2ccf
SHA1 f364105f57823dba69beae96eb2a37baa46ef2cb
SHA256 300861b34a79525b32e8e60d2ab8d1aa95c8c444e36946dd33ccd9c0fcc31baa
ssdeep 24576:HODjvcw+5VRYEqJLJlfQhAUYrCaKY/BW+xTdx+oP5S:m25Ve7tJChlYmJ+xTdx+oS
authentihash 40f35e3e1a6e4e97af787bd76357ad0b15af2b182e7245d076d905d8f800d914
imphash f3173778f088ce2b56b8257bfe393419
File size 912.6 KB ( 934534 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (41.5%)
Win32 EXE PECompact compressed (generic) (21.0%)
Win32 Executable MS Visual C++ (generic) (15.7%)
Win64 Executable (generic) (13.9%)
Win32 Dynamic Link Library (generic) (3.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-10-25 16:44:51 UTC ( 1 year, 5 months ago )
Last submission 2017-02-23 07:31:23 UTC ( 1 month ago )
File names SWITCH_E2B.exe
300861B34A79525B32E8E60D2AB8D1AA95C8C444E36946DD33CCD9C0FCC31BAA.exe
300861b34a79525b32e8e60d2ab8d1aa95c8c444e36946dd33ccd9c0fcc31baa.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs