» nice2.exe
Overview
Analysis
File Details
Downloads (1)

nice2.exe

Punto Switcher

ООО Яндекс

This is a setup program which is used to install the application. The file has been seen being downloaded from hid2s.com.

File name:

nice2.exe

Publisher:

ООО Яндекс

Product:

Punto Switcher

Description:

Выгрузчик Punto Switcher

Version:

3.2.3.51

MD5:

a312fa20d7ab3b1c30547f410d4ba69c

SHA-1:

4d6925e86d673b53b6c0c63a87ebc755fbe6b1af

SHA-256:

e1b1a77c3c75522ee9a2e45dcbd515b8347da593cd326ed60c8c6a7be50b4481

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/24/2024 3:50:02 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Generik.GZZFAQX trojan

8.0.319.0

File size:

193.3 KB (197,938 bytes)

Product version:

3.2.3.51

Trademarks:

Punto Switcher

Original file name:

puntounloader.exe

File type:

Executable application (Win32 EXE)

Language:

Russian (Russia)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\nice2.exe

File PE Metadata

Compilation timestamp:

6/26/2016 9:11:35 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:AEDdTrPfbDl5/O7E5tWjB+9rQN1gCl3jW:AYPPG7qtig3Cla

Entry address:

0x4930

Entry point:

55, 8B, EC, B8, 88, F9, 01, 00, E8, C3, C6, FF, FF, 57, C7, 45, EC, 29, 00, 00, 00, 68, D7, 15, 00, 00, A1, 74, 1A, 43, 00, 50, FF, 15, 2C, 71, 42, 00, 85, C0, 74, 02, CD, 06, FF, 15, 20, 70, 42, 00, 8B, 0D, 74, 1A, 43, 00, 51, FF, 15, 5C, 70, 42, 00, 8B, 95, A8, 06, FE, FF, 2B, 95, B4, 06, FE, FF, 89, 95, A0, 06, FE, FF, A1, 74, 1A, 43, 00, 50, FF, 15, 68, 70, 42, 00, 8B, 0D, 74, 1A, 43, 00, 51, FF, 15, 50, 70, 42, 00, 8B, 95, B4, 06, FE, FF, 0F, AF, 95, 94, 06, FE, FF, 89, 95, A4, 06, FE, FF, FF, 15, 70... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

149.5 KB (153,088 bytes)

The file nice2.exe has been seen being distributed by the following URL.

http://hid2s.com/.../nice2.exe

Scan nice2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.