SHA256: a8f6791675332c039df8b806b352cdc05a9392000812f3406d1659db144f0b01
File name: file.exe
Detection ratio: 8 / 54
Analysis date: 2016-08-17 05:40:42 UTC ( 2 years, 7 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Cerber.Gen 20160816
Baidu Win32.Trojan.Kryptik.alb 20160816
Bkav HW32.Packed.83FB 20160816
Kaspersky not-a-virus:HEUR:Downloader.Win32.LMN.gen 20160817
McAfee Artemis!41598C27B2C3 20160817
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.gh 20160816
Qihoo-360 Win32/Virus.Downloader.9a9 20160817
Sophos AV Mal/Cerber-B 20160816
Ad-Aware 20160817
AegisLab 20160817
Alibaba 20160817
ALYac 20160817
Antiy-AVL 20160817
Arcabit 20160817
Avast 20160817
AVG 20160817
Avira (no cloud) 20160816
AVware 20160817
BitDefender 20160817
CAT-QuickHeal 20160816
ClamAV 20160817
CMC 20160816
Comodo 20160817
Cyren 20160817
DrWeb 20160817
Emsisoft 20160817
ESET-NOD32 20160817
F-Prot 20160817
F-Secure 20160817
Fortinet 20160817
GData 20160817
Ikarus 20160816
Jiangmin 20160817
K7AntiVirus 20160816
K7GW 20160817
Kingsoft 20160817
Malwarebytes 20160817
Microsoft 20160817
eScan 20160817
NANO-Antivirus 20160817
nProtect 20160812
Panda 20160816
SUPERAntiSpyware 20160817
Symantec 20160817
Tencent 20160817
TheHacker 20160816
TrendMicro 20160817
TrendMicro-HouseCall 20160817
VBA32 20160816
VIPRE 20160817
ViRobot 20160817
Yandex 20160816
Zillya 20160816
Zoner 20160817
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2008-2011 ??? ??????
Product Punto Switcher
Internal name Punto Switcher Unloader
File version 3.2.3.51
Description ????????? Punto Switcher
Comments ????????? Punto Switcher
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-18 04:01:17
Entry Point 0x00002B50
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegSetValueExA
RegOpenKeyW
RegCreateKeyA
RegQueryValueExW
GetEnhMetaFileA
AddFontResourceA
GetTextMetricsW
GetEnhMetaFileW
TextOutW
CreateMetaFileA
OffsetRgn
SaveDC
STROBJ_dwGetCodePage
GdiIsMetaFileDC
CreateRectRgnIndirect
AddFontResourceW
CombineRgn
SelectFontLocal
PlayMetaFile
GdiConvertAndCheckDC
RectInRegion
GetCharABCWidthsI
CreateMetaFileW
XLATEOBJ_iXlate
DeleteDC
SetBkMode
RemoveFontResourceExA
GetWorldTransform
SetMetaFileBitsEx
GetBitmapDimensionEx
EndDoc
EngQueryEMFInfo
SetPaletteEntries
XLATEOBJ_cGetPalette
GdiSetServerAttr
SetTextColor
CreateDIBPatternBrushPt
GetTransform
SetDIBitsToDevice
GdiEntry15
gdiPlaySpoolStream
GetStretchBltMode
FloodFill
SetTextAlign
CreateCompatibleDC
GetTextFaceA
PATHOBJ_bEnumClipLines
CloseEnhMetaFile
DeviceCapabilitiesExW
ArcTo
CreateColorSpaceA
GetTextExtentPoint32W
StartDocA
CloseMetaFile
CancelDC
GetCharWidthFloatW
SelectObject
GetViewportExtEx
bMakePathNameW
BeginPath
DeleteObject
DeleteMetaFile
GetLastError
GetDriveTypeW
LoadLibraryA
lstrlenA
GetModuleFileNameW
GetDriveTypeA
HeapAlloc
ReadConsoleInputW
SetConsoleCursorPosition
GetModuleFileNameA
GlobalAlloc
GetFileAttributesW
VerifyVersionInfoW
SetDefaultCommConfigW
GetStartupInfoA
FileTimeToLocalFileTime
WritePrivateProfileStringA
MapViewOfFileEx
lstrlenW
_llseek
FatalAppExitA
GetCommandLineA
GetProcAddress
GetProcessHeap
OpenMutexA
WideCharToMultiByte
LoadLibraryW
GetModuleHandleA
GetFileAttributesA
lstrcpyA
IsBadHugeReadPtr
QueryInformationJobObject
GetStringTypeW
GetModuleHandleW
InitAtomTable
UnmapViewOfFile
SetConsoleDisplayMode
ChangeTimerQueueTimer
GetCommandLineW
GetVersion
ReadConsoleOutputAttribute
ReadConsoleOutputA
MapWindowPoints
RegisterWindowMessageW
CreateDesktopA
GetParent
CharPrevA
DrawTextExW
LoadBitmapW
CharUpperW
CharNextA
SendIMEMessageExW
ShowWindow
ToAsciiEx
LoadBitmapA
DrawTextExA
GetWindowThreadProcessId
MessageBoxExA
GetSystemMetrics
GetClipboardFormatNameA
RegisterClipboardFormatA
DlgDirSelectComboBoxExW
CharUpperBuffA
MessageBoxA
LoadIconW
CharLowerW
wvsprintfA
GetSysColor
CreateDesktopW
LoadStringA
GetKeyState
DestroyIcon
EnumDisplayMonitors
DdeQueryConvInfo
IsCharUpperA
IsWindowVisible
CreateMDIWindowA
ToAscii
GetDlgItem
CharLowerA
IsWindow
IsCharLowerW
UpdateWindow
DdePostAdvise
wsprintfA
CharUpperA
GetClassNameW
AdjustWindowRect
TileChildWindows
DdeCreateDataHandle
OemToCharW
GetDC
LoadAcceleratorsW
GetWindowLongW
CharNextW
DialogBoxIndirectParamA
DestroyWindow
timeGetTime
CoCreateInstance
StringFromGUID2
OleInitialize
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
FileDescription Punto Switcher
Comments Punto Switcher
InitializedDataSize 49152
ImageVersion 0.0
ProductName Punto Switcher
FileVersionNumber 3.2.3.51
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3.2.3.51
TimeStamp 2016:08:18 05:01:17+01:00
FileType Win32 EXE
PEType PE32
InternalName Punto Switcher Unloader
ProductVersion 3.2.3.51
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2008-2011
MachineType Intel 386 or later, and compatibles
CodeSize 437760
FileSubtype 0
ProductVersionNumber 3.2.3.51
EntryPoint 0x2b50
ObjectFileType Executable application
File identification
MD5 41598c27b2c3cc5b812c758769f3230e
SHA1 dc0480865cc25076f71d847801e946e1807f797a
SHA256 a8f6791675332c039df8b806b352cdc05a9392000812f3406d1659db144f0b01
ssdeep 6144:FdM1MPBra/EjX+QjOLHjr7un7CTSwtvyAzJbW+jXRnArnjZFOd8eO:UmwyXW/r7un7eNyU6+TmF2
authentihash e01cd20379b405585e571d320e06aedb7ae08c148923ebf1d41a90e534cffeb0
imphash c6ac4c3bf4e69d4a2f08e1b192c40839
File size 476.5 KB ( 487936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags ftp peexe
VirusTotal metadata
First submission 2016-08-17 04:52:27 UTC ( 2 years, 7 months ago )
Last submission 2016-12-08 17:13:29 UTC ( 2 years, 3 months ago )
File names 41598c27b2c3cc5b812c758769f3230e
uholwmew.exe
yhozojok.exe
file.exe
f46e2c2ff4467664804989d5d0be6687c12d09d2
Punto Switcher Unloader
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications