Gridinsoft Logo
File Icon

The KillSwitch.exe (COMODO Internet Security) File Analysis

Updated 1 year ago
Checked by Malware Check
KillSwitch.exe

Technical Analysis

File Name KillSwitch.exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash
98304:F9Qt0uH0fwrqmSiFbnbTjW+JSSosniuNCxT5I3Ejs+Hnv3+CJoaoSB:F9USwVW+Q+izxFOCzB
Scanner Version 1.0.170.174
Database Version 2024-03-22 10:41:26 UTC

Suspicious File Detected

Detected by 7 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
10%
Detection Rate
10,704,544
File Size (bytes)
7/70
Engines Detected
2024-03-22
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
53bb124d60f1843cb6389e525ab10f8e
SHA1
ab2b071ff9691ec035489b45581834f9d7650e16
SHA256
6dad9cbae6402010ff689c1511f1f316c913514d7aa987b02536841173eaf39f
SHA512
b4d26eb59a6560654962f5abdbb2fc244c888033cbb3e7af1c387d03b1a8083e5e2341a5d9eb2eedff80f38b5929ba60ee42de10da22074907c9fb9dc0562d3a
ImpHash
201d833cc2dbeccb25d94157e7520548

Security Engines with Detections (7 of 70)

MicroWorld-eScan
Gen:Variant.Application.KillSwitch.4 Malicious
VIPRE
Gen:Variant.Application.KillSwitch.4 Malicious
BitDefender
Gen:Variant.Application.KillSwitch.4 Malicious
FireEye
Gen:Variant.Application.KillSwitch.4 Malicious
Emsisoft
Gen:Variant.Application.KillSwitch.4 (B) Malicious
Arcabit
Trojan.Application.KillSwitch.4 Malicious
MAX
malware (ai score=71) Malicious
63 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: fdbda114f210f2df5444877851af20c6
Fuzzy: 842d0c37570a5f0f9051b3921944700a
dHash: 00e45cccecdce4c0
Image Base 0x140000000
Entry Point 0x14028e8d8
Compilation Time 2021-11-10 14:06:21
Checksum 0x00a3b05a (Actual: 0x00a3b05a)
OS Version 5.2
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path d:\jenkins\workspace\CIS_CCEKS_gitlab\Release\x64\cce\Symbols\KillSwitch.pdb
Digital Signature OK
Imports 29 libraries
Exports 0 functions
Resources 1127 Resources
Sections 6 Sections

Version Information

CompanyName COMODO
FileVersion 12, 2, 3, 8026
FileDescription COMODO Internet Security
LegalCopyright 2005-2020 COMODO. All rights reserved.
ProductName COMODO Internet Security
ProductVersion 12, 2, 3, 8026
Translation 0x0409 0x04e4

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 5,031,420 bytes 5,031,424 bytes 6.38 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6C640F507DC94EFB59DCBA5E7B19CA85
.rdata 0x004ce000 2,165,436 bytes 2,165,760 bytes 4.50 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0DEE0AFE1E2A74D4A4C62531BCC1F7D7
.data 0x006df000 158,696 bytes 103,936 bytes 4.47 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE F0BED9745B4289E5D74D589E291CE0CF
.pdata 0x00706000 253,524 bytes 253,952 bytes 6.43 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 9E3C644FC3DA84A6A6BCEB86453433BC
.rsrc 0x00744000 2,886,608 bytes 2,886,656 bytes 7.23 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0EE559A2219D3B1F564B965EBAD2DF31
.reloc 0x00a05000 156,620 bytes 156,672 bytes 5.45 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ E76A377D8D4E30632A552B7A2DEA3030
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 1127 (2,775,371 bytes)
Resource Type Count Total Size Percentage
AFX_DIALOG_LAYOUT 1 2 bytes
0%
PNG 632 1,515,385 bytes
54.6%
RTF 1 249,735 bytes
9%
TEXTFILE 3 71,180 bytes
2.6%
RT_CURSOR 53 19,244 bytes
0.7%
RT_BITMAP 33 257,162 bytes
9.3%
RT_ICON 64 514,088 bytes
18.5%
RT_MENU 20 8,756 bytes
0.3%
RT_DIALOG 106 71,956 bytes
2.6%
RT_STRING 111 45,186 bytes
1.6%
RT_ACCELERATOR 1 48 bytes
0%
RT_GROUP_CURSOR 46 1,018 bytes
0%
RT_GROUP_ICON 14 980 bytes
0%
RT_VERSION 1 692 bytes
0%
RT_HTML 34 18,993 bytes
0.7%
RT_MANIFEST 1 798 bytes
0%
None 6 148 bytes
0%

Certificate Chain Analysis

Certificate Information
Product COMODO Internet Security
Description COMODO Internet Security
File Version 12, 2, 3, 8026
Signing Date 02:15 PM 11/10/2021 (1312 days ago)
Verification Status Signed
Signers Comodo Security Solutions, Inc.; COMODO RSA Extended Validation Code Signing CA; Sectigo (formerly Comodo CA)
Counter Signers Sectigo RSA Time Stamping Signer #2; Sectigo RSA Time Stamping CA; Sectigo
Copyright 2005-2020 COMODO. All rights reserved.
Certificate Chain Summary
AddTrust External CA Root #1 Primary
Validity Period: 2013-08-15 20:26:30 → 2023-08-15 20:36:30
Signature Algorithm: sha1RSA
Serial Number: 33 00 00 00 35 D8 D5 59 5B 06 71 41 2B 00 00 00 00 00 35
COMODO RSA Certification Authority #2 Chain
Validity Period: 2000-05-30 10:48:38 → 2020-05-30 10:48:38
Signature Algorithm: sha384RSA
Serial Number: 27 66 EE 56 EB 49 F3 8E AB D7 70 A2 FC 84 DE 22
Comodo Security Solutions, Inc. #3 Chain
Validity Period: 2018-12-04 00:00:00 → 2021-12-03 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 1B 42 7B 06 0E 28 66 BF B5 86 CC 26 7E 1C 3E AA
COMODO RSA Extended Validation Code Signing CA #4 Chain
Validity Period: 2014-12-03 00:00:00 → 2029-12-02 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 6D D4 72 EB 02 AE 04 06 E3 DD 84 3F 5F E1 45 E1
Sectigo RSA Time Stamping Signer #2 #5 Chain
Validity Period: 2020-10-23 00:00:00 → 2032-01-22 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 8C 77 A0 00 8F F4 D1 B0 C6 3D 9F 3A 48 83 8D 6B
Sectigo RSA Time Stamping CA #6 Chain
Validity Period: 2019-05-02 00:00:00 → 2038-01-18 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 30 0F 6F AC DD 66 98 74 7C A9 46 36 A7 78 2D B9

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

OK

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
7 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware