SHA256: d1040a0976a6f150cb61aa1c0efb3d274f0687542e3680b7a2b2fcca428c3ca2
File name: e2a2bc3741a9ce1372d2e42c1a78e139527fd468
Detection ratio: 31 / 54
Analysis date: 2014-08-13 10:37:16 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1803145 20140813
AntiVir TR/Crypt.ZPACK.66973 20140813
Avast Win32:Malware-gen 20140813
AVG Inject2.ARDB 20140813
AVware Trojan.Win32.Generic!BT 20140813
Baidu-International Trojan.Win32.Zbot.cgen 20140813
BitDefender Trojan.GenericKD.1803145 20140813
Commtouch W32/Trojan.RGLW-9086 20140813
Comodo UnclassifiedMalware 20140813
DrWeb Trojan.PWS.Panda.6267 20140813
Emsisoft Trojan.GenericKD.1803145 (B) 20140813
ESET-NOD32 a variant of Win32/Kryptik.CIQY 20140813
F-Prot W32/Trojan2.OGBX 20140813
F-Secure Trojan.GenericKD.1803145 20140813
GData Win32.Trojan.Zbot.CI 20140813
Ikarus Trojan-Spy.Win32.Zbot 20140813
Kaspersky Trojan-Spy.Win32.Zbot.ttrh 20140813
Kingsoft Win32.Troj.Undef.(kcloud) 20140813
Malwarebytes Trojan.FakeMS.ED 20140813
McAfee RDN/Generic PWS.y!b2q 20140813
Microsoft PWS:Win32/Zbot.gen!CI 20140813
eScan Trojan.GenericKD.1803145 20140813
nProtect Trojan.GenericKD.1803145 20140813
Panda Trj/Chgt.B 20140813
Qihoo-360 HEUR/Malware.QVM20.Gen 20140813
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140813
Sophos AV Troj/Zbot-ITP 20140813
Symantec Trojan.Zbot 20140813
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140813
TrendMicro-HouseCall Suspicious_GEN.F47V0812 20140813
VIPRE Trojan.Win32.Generic!BT 20140813
AegisLab 20140813
Yandex 20140812
AhnLab-V3 20140813
Antiy-AVL 20140813
Bkav 20140812
ByteHero 20140813
CAT-QuickHeal 20140813
ClamAV 20140812
CMC 20140809
Fortinet 20140813
Jiangmin 20140813
K7AntiVirus 20140812
K7GW 20140812
McAfee-GW-Edition 20140812
NANO-Antivirus 20140813
Norman 20140813
SUPERAntiSpyware 20140804
TheHacker 20140812
TotalDefense 20140813
TrendMicro 20140813
VBA32 20140813
ViRobot 20140813
Zoner 20140811
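The table above carries more signal than the bare 31/54 ratio, but only after the vendor labels are normalised: six of the positive verdicts are the same BitDefender-engine string (Trojan.GenericKD.1803145) relicensed by other vendors, several are pure heuristic buckets, and the family name that independent engines agree on is Zbot. The following added example (my code, not part of the VirusTotal report) parses the flattened "Vendor Result Update" rows exactly as they appear above, derives the detection ratio, and ranks family candidates one vote per engine. The NOISE stoplist and the token rules are my own assumptions; the row text is copied from this report.

```python
import re
from collections import Counter

# Detection rows copied from the table above in its flattened
# "Vendor Result Update" form; a row with no result is a clean verdict.
REPORT_ROWS = """\
Ad-Aware Trojan.GenericKD.1803145 20140813
AntiVir TR/Crypt.ZPACK.66973 20140813
Avast Win32:Malware-gen 20140813
AVG Inject2.ARDB 20140813
AVware Trojan.Win32.Generic!BT 20140813
Baidu-International Trojan.Win32.Zbot.cgen 20140813
BitDefender Trojan.GenericKD.1803145 20140813
Commtouch W32/Trojan.RGLW-9086 20140813
Comodo UnclassifiedMalware 20140813
DrWeb Trojan.PWS.Panda.6267 20140813
Emsisoft Trojan.GenericKD.1803145 (B) 20140813
ESET-NOD32 a variant of Win32/Kryptik.CIQY 20140813
F-Prot W32/Trojan2.OGBX 20140813
F-Secure Trojan.GenericKD.1803145 20140813
GData Win32.Trojan.Zbot.CI 20140813
Ikarus Trojan-Spy.Win32.Zbot 20140813
Kaspersky Trojan-Spy.Win32.Zbot.ttrh 20140813
Kingsoft Win32.Troj.Undef.(kcloud) 20140813
Malwarebytes Trojan.FakeMS.ED 20140813
McAfee RDN/Generic PWS.y!b2q 20140813
Microsoft PWS:Win32/Zbot.gen!CI 20140813
eScan Trojan.GenericKD.1803145 20140813
nProtect Trojan.GenericKD.1803145 20140813
Panda Trj/Chgt.B 20140813
Qihoo-360 HEUR/Malware.QVM20.Gen 20140813
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140813
Sophos AV Troj/Zbot-ITP 20140813
Symantec Trojan.Zbot 20140813
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140813
TrendMicro-HouseCall Suspicious_GEN.F47V0812 20140813
VIPRE Trojan.Win32.Generic!BT 20140813
AegisLab 20140813
Yandex 20140812
AhnLab-V3 20140813
Antiy-AVL 20140813
Bkav 20140812
ByteHero 20140813
CAT-QuickHeal 20140813
ClamAV 20140812
CMC 20140809
Fortinet 20140813
Jiangmin 20140813
K7AntiVirus 20140812
K7GW 20140812
McAfee-GW-Edition 20140812
NANO-Antivirus 20140813
Norman 20140813
SUPERAntiSpyware 20140804
TheHacker 20140812
TotalDefense 20140813
TrendMicro 20140813
VBA32 20140813
ViRobot 20140813
Zoner 20140811
"""

# Vendor, optional result (may contain spaces), 8-digit update date at the end.
# The "(?: AV)?" handles the one two-word vendor name in this table (Sophos AV).
ROW = re.compile(r"^(?P<vendor>\S+(?: AV)?)\s*(?P<result>.*?)\s*(?P<date>\d{8})$")

# Tokens naming a platform, type, packer or heuristic bucket rather than a
# family. This stoplist is my own assumption; extend it for other vendors.
NOISE = {"trojan", "trojan2", "troj", "win32", "heur", "malware", "variant",
         "suspicious", "crypt", "undef", "kcloud", "unclassifiedmalware", "inject2"}

def parse_rows(text):
    """Return (vendor, result, update) triples; result is '' for a clean row."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            raise ValueError("unparsable row: " + line)
        rows.append((m["vendor"], m["result"], m["date"]))
    return rows

def detection_ratio(rows):
    return sum(1 for _, result, _ in rows if result), len(rows)

def family_tokens(result):
    """Candidate family names in one label: lowercase alphanumeric runs minus
    numbers, tokens under four characters, Generic* buckets and NOISE."""
    return {t for t in re.split(r"[^a-z0-9]+", result.lower())
            if len(t) >= 4 and not t.isdigit()
            and t not in NOISE and not t.startswith("generic")}

def family_consensus(rows):
    """One vote per engine for each candidate token, ranked by votes."""
    votes = Counter()
    for _, result, _ in rows:
        votes.update(family_tokens(result))
    return votes.most_common(3)
```

On this table the ranking is zbot with 7 independent engines and nothing else above 1. Note what token counting cannot do: Dr.Web's "Trojan.PWS.Panda" is that vendor's own name for the same ZeuS/Zbot family, so a production normaliser needs an alias table on top of this.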
The file under analysis is a Portable Executable: a 32-bit Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2008-2011 ??? ??????
Publisher ??? ??????
Product Punto Switcher
Original name layouts.exe
Internal name Choose Layouts
File version 3, 2, 7, 84
Description ????????? ??? Punto Switcher
Comments ????? ????????? ??? Punto Switcher
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-12 06:59:24
Entry Point 0x00002320
Number of sections 4
PE sections
PE imports (grouped by importing DLL)
ADVAPI32.dll: RegCloseKey, RegQueryValueA, RegQueryValueExA, RegSetValueExA, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExW
COMDLG32.dll: GetOpenFileNameA
GDI32.dll: GetEnhMetaFileA, GetBkColor, CloseEnhMetaFile, CreateCompatibleDC, DeleteDC, CancelDC, SetBkMode, GetStockObject, CloseMetaFile, EndDoc, GetSystemPaletteUse, GetTextCharset, PathToRegion, GetMapMode, GdiFlush, UpdateColors, DeleteObject, RealizePalette, GetLayout
KERNEL32.dll: GetLastError, GetStdHandle, VirtualAllocEx, lstrlenA, lstrcmpiA, FreeLibrary, QueryPerformanceCounter, GetTickCount, GetEnvironmentStringsW, GetVersionExA, LoadLibraryA, lstrlenW, FreeEnvironmentStringsA, GetStartupInfoA, GetEnvironmentStrings, LocalAlloc, GetCommandLineW, UnhandledExceptionFilter, SetErrorMode, MultiByteToWideChar, GetStartupInfoW, FreeEnvironmentStringsW, GetCommandLineA, GetProcAddress, WideCharToMultiByte, GetModuleFileNameW, GetModuleHandleA, ReadFile, GetCurrentProcessId, SetUnhandledExceptionFilter, WriteFile, GetCurrentProcess, CloseHandle, GetSystemTimeAsFileTime, lstrcpynA, TerminateProcess, GetACP, ExpandEnvironmentStringsA, GetFileAttributesA, LocalFree, IsWow64Process, GetModuleFileNameA, GetVersion, lstrcmpiW, Sleep, FormatMessageA, CreateFileA, ExitProcess, GetCurrentThreadId, GetFileSize, SetLastError
SHLWAPI.dll: PathRemoveFileSpecA, PathAppendA, wnsprintfA
USER32.dll: SetFocus, GetMessageA, GetForegroundWindow, EndDialog, GetMessageW, DefWindowProcW, PostQuitMessage, DefWindowProcA, FindWindowA, GetQueueStatus, IsGUIThread, SetWindowPos, GetListBoxInfo, GetSystemMetrics, EnableMenuItem, IsWindow, GetMenu, GetLastActivePopup, DispatchMessageA, GetThreadDesktop, VkKeyScanA, GetMessageExtraInfo, MessageBoxA, SetWindowLongA, TranslateMessage, DialogBoxParamA, CharUpperA, SetActiveWindow, DispatchMessageW, GetSysColor, ShowCaret, SendMessageW, LoadStringA, ShowWindow, EndMenu, RegisterClassW, IsCharLowerA, IsZoomed, GetDlgItem, GetMenuCheckMarkDimensions, GetDC, RegisterClassA, CloseWindowStation, GetWindowLongA, IsClipboardFormatAvailable, CreateWindowExA, LoadCursorA, LoadIconA, GetActiveWindow, IsDlgButtonChecked, CharNextA, GetDialogBaseUnits, EnumClipboardFormats, LoadCursorW, GetCursor, CreateWindowExW, CharNextW, GetKeyboardType, DrawMenuBar
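The report lists the imported functions without their DLLs and, further down, gives an imphash of 78e3d6a523f5b760729f721c8aa480a1. The following added example (my code, not VirusTotal's tooling or the sample's own code) shows how that value is derived from the import table and what a first static pass over this import set yields. The DLL attribution is reconstructed from the function names, and the order is assumed to be the import-directory order that imphash depends on, so matches_report() is a comparison rather than a guarantee; the triage rules are my own heuristics, not anything the report states.

```python
import hashlib

# Import table reconstructed from the function list in the report. The DLL
# names are my attribution (the page lists only function names) and the
# order is assumed to be import-directory order; imphash is order-sensitive.
IMPORTS = [
    ("ADVAPI32.dll", ["RegCloseKey", "RegQueryValueA", "RegQueryValueExA",
                      "RegSetValueExA", "RegCreateKeyExA", "RegOpenKeyExA",
                      "RegQueryValueExW"]),
    ("COMDLG32.dll", ["GetOpenFileNameA"]),
    ("GDI32.dll", ["GetEnhMetaFileA", "GetBkColor", "CloseEnhMetaFile",
                   "CreateCompatibleDC", "DeleteDC", "CancelDC", "SetBkMode",
                   "GetStockObject", "CloseMetaFile", "EndDoc",
                   "GetSystemPaletteUse", "GetTextCharset", "PathToRegion",
                   "GetMapMode", "GdiFlush", "UpdateColors", "DeleteObject",
                   "RealizePalette", "GetLayout"]),
    ("KERNEL32.dll", [
        "GetLastError", "GetStdHandle", "VirtualAllocEx", "lstrlenA", "lstrcmpiA",
        "FreeLibrary", "QueryPerformanceCounter", "GetTickCount", "GetEnvironmentStringsW",
        "GetVersionExA", "LoadLibraryA", "lstrlenW", "FreeEnvironmentStringsA",
        "GetStartupInfoA", "GetEnvironmentStrings", "LocalAlloc", "GetCommandLineW",
        "UnhandledExceptionFilter", "SetErrorMode", "MultiByteToWideChar", "GetStartupInfoW",
        "FreeEnvironmentStringsW", "GetCommandLineA", "GetProcAddress", "WideCharToMultiByte",
        "GetModuleFileNameW", "GetModuleHandleA", "ReadFile", "GetCurrentProcessId",
        "SetUnhandledExceptionFilter", "WriteFile", "GetCurrentProcess", "CloseHandle",
        "GetSystemTimeAsFileTime", "lstrcpynA", "TerminateProcess", "GetACP",
        "ExpandEnvironmentStringsA", "GetFileAttributesA", "LocalFree", "IsWow64Process",
        "GetModuleFileNameA", "GetVersion", "lstrcmpiW", "Sleep", "FormatMessageA",
        "CreateFileA", "ExitProcess", "GetCurrentThreadId", "GetFileSize", "SetLastError"]),
    ("SHLWAPI.dll", ["PathRemoveFileSpecA", "PathAppendA", "wnsprintfA"]),
    ("USER32.dll", [
        "SetFocus", "GetMessageA", "GetForegroundWindow", "EndDialog", "GetMessageW",
        "DefWindowProcW", "PostQuitMessage", "DefWindowProcA", "FindWindowA", "GetQueueStatus",
        "IsGUIThread", "SetWindowPos", "GetListBoxInfo", "GetSystemMetrics", "EnableMenuItem",
        "IsWindow", "GetMenu", "GetLastActivePopup", "DispatchMessageA", "GetThreadDesktop",
        "VkKeyScanA", "GetMessageExtraInfo", "MessageBoxA", "SetWindowLongA", "TranslateMessage",
        "DialogBoxParamA", "CharUpperA", "SetActiveWindow", "DispatchMessageW", "GetSysColor",
        "ShowCaret", "SendMessageW", "LoadStringA", "ShowWindow", "EndMenu", "RegisterClassW",
        "IsCharLowerA", "IsZoomed", "GetDlgItem", "GetMenuCheckMarkDimensions", "GetDC",
        "RegisterClassA", "CloseWindowStation", "GetWindowLongA", "IsClipboardFormatAvailable",
        "CreateWindowExA", "LoadCursorA", "LoadIconA", "GetActiveWindow", "IsDlgButtonChecked",
        "CharNextA", "GetDialogBaseUnits", "EnumClipboardFormats", "LoadCursorW", "GetCursor",
        "CreateWindowExW", "CharNextW", "GetKeyboardType", "DrawMenuBar"]),
]
REPORTED_IMPHASH = "78e3d6a523f5b760729f721c8aa480a1"  # value printed in the report

def import_string(imports):
    """The string pefile hashes: 'dll.func' pairs in table order, lowercase,
    DLL extension (.dll/.ocx/.sys) stripped, ordinal imports written as
    'ordN' (pefile's known-DLL ordinal name lookup is omitted here)."""
    parts = []
    for dll, funcs in imports:
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[:-len(ext)]
                break
        for f in funcs:
            parts.append(f"{name}.ord{f}" if isinstance(f, int) else f"{name}.{f.lower()}")
    return ",".join(parts)

def imphash(imports):
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()

def matches_report(imports):
    """True only if the reconstructed DLL grouping and order are the real ones."""
    return imphash(imports) == REPORTED_IMPHASH

INJECTION_PARTNERS = {"WriteProcessMemory", "CreateRemoteThread", "NtCreateThreadEx"}

def triage(imports):
    """My own first-pass heuristics over the static import set."""
    names = {f for _, funcs in imports for f in funcs if isinstance(f, str)}
    findings = []
    if {"LoadLibraryA", "GetProcAddress"} <= names:
        findings.append("runtime API resolution possible (LoadLibraryA + GetProcAddress)")
    if "VirtualAllocEx" in names and not (INJECTION_PARTNERS & names):
        findings.append("VirtualAllocEx imported without WriteProcessMemory/CreateRemoteThread: "
                        "injection partners are likely resolved at runtime")
    if {"RegCreateKeyExA", "RegSetValueExA"} <= names:
        findings.append("registry write capability (persistence candidate)")
    if {"EndDoc", "CloseMetaFile", "RealizePalette"} <= names:
        findings.append("printing/metafile GDI imports: check whether they are referenced, "
                        "crypters pad import tables to look like ordinary GUI applications")
    return findings
```

The point of the VirtualAllocEx rule is that a remote allocation is useless on its own; when its partners are absent from the import table but LoadLibraryA and GetProcAddress are present, the sample is almost certainly resolving them by name at runtime, which is what the Kryptik/Crypt labels in the detection table already hint at.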
Number of PE resources by type
RT_ICON 3
RT_DIALOG 2
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 8
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 243712
SubsystemVersion 5.0
Comments Punto Switcher
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.2.7.84
LanguageCode Russian
FileFlagsMask 0x003f
FileDescription Punto Switcher
CharacterSet Unicode
InitializedDataSize 32768
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright 2008-2011
FileVersion 3, 2, 7, 84
TimeStamp 2014:08:12 07:59:24+01:00
FileType Win32 EXE
PEType PE32
InternalName Choose Layouts
FileAccessDate 2014:10:10 10:39:36+01:00
ProductVersion 3, 2, 7, 84
UninitializedDataSize 0
OSVersion 5.0
FileCreateDate 2014:10:10 10:39:36+01:00
OriginalFilename layouts.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
LegalTrademarks Punto Switcher
ProductName Punto Switcher
ProductVersionNumber 3.2.7.84
EntryPoint 0x2320
ObjectFileType Executable application
Compressed bundles
File identification
MD5 b4a2afab74638628c013780352b5776d
SHA1 06a0473f473169e4acc4048c1bb0fde6db5a481c
SHA256 d1040a0976a6f150cb61aa1c0efb3d274f0687542e3680b7a2b2fcca428c3ca2
ssdeep 3072:9LjDPttW2w9XWoe63RBtLvT9IjchG4mTnGCQHHj1vW1OSHdsvo0OjmWc:9LPFtWP9u0BFNhjmKHHj1vWrsvo067
authentihash 9bb52b407f458a16e4a7412e31466aa35dd8cef3d198d01ab606ddd388616ca5
imphash 78e3d6a523f5b760729f721c8aa480a1
File size 270.0 KB ( 276480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-08-12 08:48:06 UTC ( 4 years, 8 months ago )
Last submission 2014-08-18 12:39:44 UTC ( 4 years, 8 months ago )
File names layouts.exe
1.pdf
Wyświetl szczegóły tej transakcji.pdf.pif (Polish: "View the details of this transaction")
e2a2bc3741a9ce1372d2e42c1a78e139527fd468
ZALACZNIK-H-12906503-12088577466380-00074221.pdf.pif_ (ZALACZNIK: Polish for "attachment")
FAKTURA-H-12906503-12088577466380-00074221.pdf.pif (FAKTURA: Polish for "invoice")
Wyświetl szczegóły tej transakcji.pdf.pif.vir
Wyswietl_szczegoly_tej_transakcji.pdf.pif.exe
b4a2afab74638628c013780352b5776d.malware
Choose Layouts
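Three checks a triager runs over the metadata and the submitted names above, as an added example (my code, not the report's own tooling): that the PE-header compile time and ExifTool's +01:00 TimeStamp are the same instant once time zones are normalised, how long after compilation the sample first reached VirusTotal (under two hours), and which submitted names are double-extension lures that contradict the version-info claim of being Punto Switcher's layouts.exe. The values are copied from this report; the analyst-suffix list and the extension classes are my assumptions.

```python
from datetime import datetime, timezone

# Values copied from the report above.
PE_COMPILE_TS = "2014-08-12 06:59:24"        # PE header compilation timestamp (UTC)
EXIFTOOL_TS = "2014:08:12 07:59:24+01:00"     # ExifTool TimeStamp, local time
FIRST_SUBMISSION = "2014-08-12 08:48:06"      # VirusTotal first submission (UTC)
ORIGINAL_FILENAME = "layouts.exe"            # OriginalFilename from version info
OBSERVED_NAMES = [
    "layouts.exe", "1.pdf",
    "Wyświetl szczegóły tej transakcji.pdf.pif",
    "e2a2bc3741a9ce1372d2e42c1a78e139527fd468",
    "ZALACZNIK-H-12906503-12088577466380-00074221.pdf.pif_",
    "FAKTURA-H-12906503-12088577466380-00074221.pdf.pif",
    "Wyświetl szczegóły tej transakcji.pdf.pif.vir",
    "Wyswietl_szczegoly_tej_transakcji.pdf.pif.exe",
    "b4a2afab74638628c013780352b5776d.malware",
    "Choose Layouts",
]

# Assumed conventions: suffixes analysts append to defang a sample, and the
# extension classes that make a "document.ext.executable" name a lure.
ANALYST_SUFFIXES = (".vir", ".malware", "_")
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg"}
EXEC_EXT = {"exe", "pif", "scr", "com", "bat", "cmd", "js", "vbs"}

def _utc(stamp, fmt):
    """Parse a timestamp; naive values are taken as UTC, aware ones converted."""
    dt = datetime.strptime(stamp, fmt)
    return dt.replace(tzinfo=timezone.utc) if dt.tzinfo is None else dt.astimezone(timezone.utc)

def exiftool_agrees_with_pe_header():
    """ExifTool printed the header timestamp in +01:00 local time; same instant."""
    return _utc(EXIFTOOL_TS, "%Y:%m:%d %H:%M:%S%z") == _utc(PE_COMPILE_TS, "%Y-%m-%d %H:%M:%S")

def seconds_from_compile_to_submission():
    """A short gap means the build was pushed into a campaign almost immediately."""
    delta = _utc(FIRST_SUBMISSION, "%Y-%m-%d %H:%M:%S") - _utc(PE_COMPILE_TS, "%Y-%m-%d %H:%M:%S")
    return int(delta.total_seconds())

def strip_analyst_suffixes(name):
    """Remove defanging suffixes repeatedly, e.g. 'x.pdf.pif_' -> 'x.pdf.pif'."""
    while True:
        for suffix in ANALYST_SUFFIXES:
            if name.lower().endswith(suffix):
                name = name[:-len(suffix)]
                break
        else:
            return name

def is_double_extension_lure(name):
    """Last extension is executable and an earlier one looks like a document."""
    exts = strip_analyst_suffixes(name).lower().split(".")[1:]
    return len(exts) >= 2 and exts[-1] in EXEC_EXT and bool(set(exts[:-1]) & DOC_EXT)

def lure_names(names):
    return [n for n in names if is_double_extension_lure(n)]

def names_claiming_original(names):
    """Submitted names that agree with the OriginalFilename in version info."""
    return [n for n in names if n.lower() == ORIGINAL_FILENAME]
```

Run against the report's own data this yields a compile-to-submission gap of 6522 seconds, five lure names (the .pif_ and .vir variants are the same lure after defanging), and exactly one submission that used the name the version info claims.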
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections