SHA256: 3e1c440b1744ea160854e8a28300cdd7494086eb0858574e99a4a56a388bd58e
File name: ToggleIT.exe
Detection ratio: 3 / 55
Analysis date: 2015-08-24 11:02:12 UTC ( 2 years, 2 months ago )
Antivirus Result Update
CMC Trojan.Win32.Generic!O 20150824
Qihoo-360 HEUR/QVM11.1.Malware.Gen 20150824
VBA32 Trojan.Autoit.F 20150822
Ad-Aware 20150824
AegisLab 20150824
Yandex 20150822
AhnLab-V3 20150824
Alibaba 20150824
ALYac 20150824
Antiy-AVL 20150824
Arcabit 20150824
Avast 20150824
AVG 20150824
AVware 20150824
Baidu-International 20150824
BitDefender 20150824
Bkav 20150824
ByteHero 20150824
CAT-QuickHeal 20150824
ClamAV 20150824
Comodo 20150824
Cyren 20150824
DrWeb 20150824
Emsisoft 20150824
ESET-NOD32 20150824
F-Prot 20150824
F-Secure 20150824
Fortinet 20150824
GData 20150824
Ikarus 20150824
Jiangmin 20150823
K7AntiVirus 20150824
K7GW 20150824
Kaspersky 20150824
Kingsoft 20150824
Malwarebytes 20150824
McAfee 20150824
McAfee-GW-Edition 20150823
Microsoft 20150824
eScan 20150824
NANO-Antivirus 20150824
nProtect 20150824
Panda 20150824
Rising 20150823
Sophos AV 20150824
SUPERAntiSpyware 20150822
Symantec 20150823
Tencent 20150824
TheHacker 20150824
TrendMicro 20150824
TrendMicro-HouseCall 20150824
VIPRE 20150824
ViRobot 20150824
Zillya 20150824
Zoner 20150824
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
MetalloSoft

File version 1.0.0.2
Description Toggle IT
Comments Toggle IT Context Menu Enhancements and Tweaks for Windows (c)MetalloSoft
Packers identified
F-PROT AutoIt, UTF-8, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x0012FF60
Number of sections 3
PE sections
Overlays
MD5 5615542cce46057da525b6679d1634b4
File type data
Offset 788992
Size 131086
Entropy 8.00
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetGetConnectionW
VariantInit
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
CoInitialize
Number of PE resources by type
RT_ICON 15
RT_STRING 7
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 28
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
Toggle IT Context Menu Enhancements and Tweaks for Windows (c)MetalloSoft

LinkerVersion
10.0

ImageVersion
0.0

FileVersionNumber
1.0.0.2

UninitializedDataSize
970752

LanguageCode
English (British)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
520192

EntryPoint
0x12ff60

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.0.2

TimeStamp
2012:01:29 22:32:28+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Toggle IT

OSVersion
5.0

FileOS
Win32

LegalCopyright
MetalloSoft

MachineType
Intel 386 or later, and compatibles

CodeSize
274432

FileSubtype
0

ProductVersionNumber
3.3.8.1

FileTypeExtension
exe

ObjectFileType
Unknown

Compressed bundles
File identification
MD5 35794d19b4c30073f626e689410d3327
SHA1 3b156631eb114c06acce0449b88b119aeac841fe
SHA256 3e1c440b1744ea160854e8a28300cdd7494086eb0858574e99a4a56a388bd58e
ssdeep
12288:M6Wq4aaE6KwyF5L0Y2D1PqLb2dXwMazAsEMH3q4V:KthEVaPqL2AMazAzO3q4

authentihash 73d2455e4bf7f2646498876f869dc8a10d61d9f14c8567224f4b97e1bad66cd9
imphash 890e522b31701e079a367b89393329e6
File size 898.5 KB ( 920078 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2015-08-22 23:55:02 UTC ( 2 years, 2 months ago )
Last submission 2016-10-19 00:25:54 UTC ( 1 year ago )
File names ToggleIT.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened service managers
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.