SHA256: 4f0915c29ac9b74c0d21655dc69668e0c62375593d1ecf65376de33fe47346cf
File name: vt-upload-a4m1f
Detection ratio: 16 / 54
Analysis date: 2014-08-13 22:02:20 UTC ( 4 years, 7 months ago )
Antivirus Result Update
AntiVir TR/Crypt.ZPACK.66973 20140813
Avast Win32:Malware-gen 20140813
AVG Inject2.ARDB 20140813
AVware Trojan.Win32.Generic!BT 20140813
DrWeb Trojan.PWS.Panda.6267 20140813
ESET-NOD32 a variant of Win32/Kryptik.CIQY 20140813
Fortinet W32/Zbot.CIQY!tr 20140813
GData Win32.Trojan.Zbot.CI 20140813
Kaspersky Trojan-Spy.Win32.Zbot.ttrh 20140813
Kingsoft Win32.Troj.Undef.(kcloud) 20140813
Malwarebytes Trojan.FakeMS.ED 20140813
McAfee Packed-AM!F4B7E3CD10F2 20140813
Microsoft PWS:Win32/Zbot.gen!CI 20140813
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140813
Sophos AV Mal/Generic-S 20140813
VIPRE Trojan.Win32.Generic!BT 20140813
Ad-Aware 20140813
AegisLab 20140813
Yandex 20140813
AhnLab-V3 20140813
Antiy-AVL 20140813
Baidu-International 20140813
BitDefender 20140813
Bkav 20140813
ByteHero 20140813
CAT-QuickHeal 20140813
ClamAV 20140813
CMC 20140813
Commtouch 20140813
Comodo 20140813
Emsisoft 20140813
F-Prot 20140813
F-Secure 20140813
Ikarus 20140813
Jiangmin 20140813
K7AntiVirus 20140813
K7GW 20140813
McAfee-GW-Edition 20140813
eScan 20140813
NANO-Antivirus 20140813
Norman 20140813
nProtect 20140813
Panda 20140813
Qihoo-360 20140813
SUPERAntiSpyware 20140804
Symantec 20140813
Tencent 20140813
TheHacker 20140812
TotalDefense 20140813
TrendMicro 20140813
TrendMicro-HouseCall 20140813
VBA32 20140813
ViRobot 20140813
Zoner 20140811
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright
Copyright 2008-2011 ??? ??????

Publisher ??? ??????
Product Punto Switcher
Original name layouts.exe
Internal name Choose Layouts
File version 3, 2, 7, 84
Description ????????? ??? Punto Switcher
Comments ????? ????????? ??? Punto Switcher
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-12 06:59:24
Entry Point 0x00002320
Number of sections 4
PE sections
Number of PE resources by type
RT_ICON 3
RT_DIALOG 2
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 8
ENGLISH US 1
PE resources
File identification
MD5 f4b7e3cd10f27f53a8d5ae17a0c9ddf8
SHA1 cbd103f3b0d64796e7919f1fe353ee689e3bd3d0
SHA256 4f0915c29ac9b74c0d21655dc69668e0c62375593d1ecf65376de33fe47346cf
ssdeep
3072:9LjDPttWyw9XWoe63RBtLvT9IjchG4mTnGCQHHj1vW1OSHdsvo0OjmWc:9LPFtWb9u0BFNhjmKHHj1vWrsvo067

imphash 78e3d6a523f5b760729f721c8aa480a1
File size 270.0 KB ( 276480 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-08-13 22:02:20 UTC ( 4 years, 7 months ago )
Last submission 2014-08-13 22:02:20 UTC ( 4 years, 7 months ago )
File names layouts.exe
vt-upload-a4m1f
Choose Layouts
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections