
The PuntoSwitcherSetup.exe (Software Installer) File Analysis

Technical Analysis

File Name PuntoSwitcherSetup.exe
File Type Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash 98304:dcbgZ7rbsV00usn1Jq/kkYQnxPDynur7vzw1RJhRqFmV:B1XsKVmIyur7v+V
Scanner Version 1.0.228.174
Database Version 2025-11-08 09:00:27 UTC

Suspicious File Detected

Detected by 5 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 7%
File Size (bytes) 4,918,592
Engines Detected 5/72
Analysis Date 2025-11-08

File Identification

Hash Type Value
MD5 4d117942431a29406cbd484bb348ed6e
SHA1 b2a481bb6e6887546651cfa392708d2d35f5660b
SHA256 a3928fd3924b4582dee1987170e3b5619e3473ed5241602bfe65040206d3a7c8
SHA512 38a2434f217b67e5fd82aa358ecc1a1c8fe37b5800816afe2a06ba35006dc1511f222917c12a26f8a9241ae5d707eeb7070c49955c61ade311713db901af3c74
ImpHash c784dc8ffecfe10b6ca19f9a9c8dc41c

Security Engines with Detections (5 of 72)

ESET-NOD32: a variant of Generik.ERIYCHK potentially unwanted (Malicious)
DeepInstinct: MALICIOUS (Malicious)
Malwarebytes: PUP.Optional.Yandex.DDS (Malicious)
TrellixENS: Artemis!4D117942431A (Malicious)
Fortinet: Riskware/Application (Malicious)

67 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: ceaed9b9203e8fbc5167edde74d5ea07
Fuzzy: ce8ecac4cc0b90b6cf55ddccd68ad5f7
dHash: f2f0cccce8f07202
Image Base 0x00400000
Entry Point 0x00403866
Compilation Time 2024-07-22 17:25:26
Checksum 0x004b8da9 (Actual: 0x004b8da9)
OS Version 6.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
PDB Path C:\BuildAgent\work\897482836e9bb448\wix\setupexe\Release\setupexe.pdb
Digital Signature OK
Imports 6 libraries
msi, COMCTL32, KERNEL32, USER32, SHELL32, ole32
Exports 0 functions
Resources 13 Resources
Sections 4 Sections

Version Information

CompanyName Yandex LLC
FileDescription Software Installer
FileVersion 4, 5, 0, 583
InternalName setup
LegalCopyright Copyright (c) 2008-2023 Yandex LLC. All rights reserved.
OriginalFilename setup.exe
ProductName Punto Switcher
ProductVersion 4, 5, 0, 583
Translation 0x0409 0x04e4

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 71,867 bytes 72,192 bytes 6.62 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 14E035FA550127BE01D6E8E897C49BC8
.rdata 0x00013000 27,610 bytes 27,648 bytes 5.24 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D5F226ADFF393219CCE92A37B2E32C14
.data 0x0001a000 4,524 bytes 2,048 bytes 2.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 64B4A250436560383E9E38C5BA224121
.rsrc 0x0001c000 4,804,420 bytes 4,804,608 bytes 6.68 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A83D34E361DBCFB1994C25FEDAE656F4

Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 13 (4,803,550 bytes)
Resource Type Count Total Size Percentage
RT_BITMAP 1 52,232 bytes 1.1%
RT_ICON 4 31,968 bytes 0.7%
RT_DIALOG 1 528 bytes 0%
RT_STRING 2 2,050 bytes 0%
RT_RCDATA 2 4,714,668 bytes 98.1%
RT_GROUP_ICON 1 62 bytes 0%
RT_VERSION 1 800 bytes 0%
RT_MANIFEST 1 1,242 bytes 0%

Certificate Chain Analysis

Certificate Information
Product Punto Switcher
Description Software Installer
File Version 4, 5, 0, 583
Original Name setup.exe
Signing Date 05:27 PM 07/22/2024 (535 days ago)
Verification Status Signed
Signers YANDEX LLC; GlobalSign GCC R45 EV CodeSigning CA 2020; GlobalSign Code Signing Root R45
Counter Signers Sectigo RSA Time Stamping Signer #4; Sectigo RSA Time Stamping CA; Sectigo
Internal Name setup
Copyright Copyright (c) 2008-2023 Yandex LLC. All rights reserved.

Certificate Chain Summary
DigiCert High Assurance EV Root CA #1 Primary
Validity Period: 2006-11-10 00:00:00 → 2031-11-10 00:00:00
Signature Algorithm: sha1RSA
Serial Number: 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
.NET Foundation Projects Code Signing CA #2 Chain
Validity Period: 2018-04-27 12:41:59 → 2028-04-27 12:41:59
Signature Algorithm: sha256RSA
Serial Number: 07 B0 41 8D A5 1E 14 8C 33 1B BC DE B7 13 83 23
WiX Toolset (.NET Foundation) #3 Chain
Validity Period: 2019-04-03 00:00:00 → 2022-04-07 12:00:00
Signature Algorithm: sha256RSA
Serial Number: 0D 5E F9 03 03 C2 28 03 77 DF E0 4D 74 E2 08 61
DigiCert SHA2 Timestamp Responder #4 Chain
Validity Period: 2017-01-04 00:00:00 → 2028-01-18 00:00:00
Signature Algorithm: sha256RSA
Serial Number: 09 C0 FC 46 C8 04 42 13 B5 59 8B AF 28 4F 4E 41
DigiCert SHA2 Assured ID Timestamping CA #5 Chain
Validity Period: 2016-01-07 12:00:00 → 2031-01-07 12:00:00
Signature Algorithm: sha256RSA
Serial Number: 0A A1 25 D6 D6 32 1B 7E 41 E4 05 DA 36 97 C2 15
YANDEX LLC #6 Chain
Validity Period: 2024-03-20 14:23:35 → 2026-03-21 14:23:35
Signature Algorithm: sha256RSA
Serial Number: 6F 12 6C 9C C2 87 DE 45 8C E8 90 F6
GlobalSign GCC R45 EV CodeSigning CA 2020 #7 Chain
Validity Period: 2020-07-28 00:00:00 → 2030-07-28 00:00:00
Signature Algorithm: sha256RSA
Serial Number: 77 BD 0E 05 B7 59 0B B6 1D 47 61 53 1E 3F 75 ED
GlobalSign Code Signing Root R45 #8 Chain
Validity Period: 2020-03-18 00:00:00 → 2045-03-18 00:00:00
Signature Algorithm: sha384RSA
Serial Number: 76 53 FE AC 75 46 48 93 F5 E5 D7 4A 48 3A 4E F8
Sectigo RSA Time Stamping Signer #4 #9 Chain
Validity Period: 2023-05-03 00:00:00 → 2034-08-02 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 39 4C 25 E1 7C A0 6D 27 A8 65 E2 3B D9 1D 22 D4
Sectigo RSA Time Stamping CA #10 Chain
Validity Period: 2019-05-02 00:00:00 → 2038-01-18 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 30 0F 6F AC DD 66 98 74 7C A9 46 36 A7 78 2D B9

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied

Certificate Verification Status OK

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

5 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
