SHA256: 3a7af94a92ec23c84cc9b5125420b8e6411d025fa51e1f7af312e7158fd4cf58
File name: ArtSwitch.v.6.3.exe
Detection ratio: 1 / 46
Analysis date: 2013-01-15 05:10:39 UTC ( 6 years, 3 months ago )
Antivirus Result Update
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C 20130115
Yandex 20130114
AhnLab-V3 20130114
AntiVir 20130115
Antiy-AVL 20130114
Avast 20130115
AVG 20130115
BitDefender 20130115
ByteHero 20130107
CAT-QuickHeal 20130115
ClamAV 20130115
Commtouch 20130115
Comodo 20130115
DrWeb 20130115
Emsisoft 20130115
eSafe 20130113
ESET-NOD32 20130114
F-Prot 20130115
F-Secure 20130115
Fortinet 20130115
GData 20130115
Ikarus 20130115
Jiangmin 20121221
K7AntiVirus 20130114
Kaspersky 20130115
Kingsoft 20130107
Malwarebytes 20130115
McAfee 20130115
Microsoft 20130115
eScan 20130115
NANO-Antivirus 20130115
Norman 20130114
nProtect 20130114
Panda 20130114
PCTools 20130115
Rising 20130115
Sophos AV 20130115
SUPERAntiSpyware 20130115
Symantec 20130115
TheHacker 20130115
TotalDefense 20130115
TrendMicro 20130115
TrendMicro-HouseCall 20130115
VBA32 20130114
VIPRE 20130115
ViRobot 20130115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1, 0, 48, 05
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-09-25 18:57:32
Entry Point 0x0007D030
Number of sections 3
PE sections
PE imports
RegCloseKey
BitBlt
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(418)
DragFinish
VerQueryValueA
mixerOpen
Ord(116)
GetOpenFileNameA
CoInitialize
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 7
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 19
ExifTool file metadata
UninitializedDataSize 311296
InitializedDataSize 57344
ImageVersion 0.0
FileVersionNumber 1.0.48.5
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
LinkerVersion 7.1
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 48, 05
TimeStamp 2009:09:25 19:57:32+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 0, 48, 05
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
MachineType Intel 386 or later, and compatibles
CodeSize 200704
FileSubtype 0
ProductVersionNumber 1.0.48.5
EntryPoint 0x7d030
ObjectFileType Executable application

File identification
MD5 acb8f59bd35f1e1e1de0f2b95eebeed6
SHA1 11fad827884f40d6f5f2262c5ccc302f6b0baefe
SHA256 3a7af94a92ec23c84cc9b5125420b8e6411d025fa51e1f7af312e7158fd4cf58
ssdeep 6144:5ZC4d3lbxc6wU/UP+XhdMRFD3LAwektsEroSNk0RCbp6fqLx:u4dMRU/UP4heFjLDFthoSNk0g6c

File size 288.6 KB ( 295571 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-01-15 05:10:39 UTC ( 6 years, 3 months ago )
Last submission 2013-01-19 18:37:02 UTC ( 6 years, 3 months ago )
File names file-5032671_exe
ArtSwitch.v.6.4.exe
ArtSwitch.v.6.3.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight