home

AudioSwitcher.exe

Audio Switcher

Forty One Ltd.

It runs as a scheduled task under the Windows Task Scheduler named AudioSwitcher triggered to execute each time a user logs in. The file has been seen being downloaded from www.majorgeeks.com and multiple other hosts.
Publisher:
Forty One Ltd.

Product:
Audio Switcher

Version:
1.6.9.102

MD5:
a0c8725fcd1c0ca242ed2d3ed2d84cd3

SHA-1:
7f8847fd41f2702f8a7a619b6ab95c7ce1917ccd

SHA-256:
997887d2534cc706583adb9ab7898951f2f2ad8096f878be405bcb82fe6f5f01

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/18/2024 12:04:07 PM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1077

File size:
434.5 KB (444,928 bytes)

Product version:
1.6.9.102

Copyright:
Copyright © 2015

Original file name:
AudioSwitcher.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\free standing\audioswitcher_1_6_4_2\audioswitcher.exe

File PE Metadata
Compilation timestamp:
12/11/2015 8:44:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:EN9jbZ8AgF6iC/O259drqmgAiq2mgAiqemgAiq7grEhF2JHlAiq:SqmgAimgAKmgAQreFiHlA

Entry address:
0x610FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5850

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
380.5 KB (389,632 bytes)

Scheduled Task
Task name:
AudioSwitcher

Path:
\UAC pass\AudioSwitcher

Trigger:
Logon (Runs on logon)

Description:
With User Account Control activated, this scheduled task will run AudioSwitcher with Administrator rights without UAC prompt. It only works if The cre


The file AudioSwitcher.exe has been seen being distributed by the following 2 URLs.

http://www.majorgeeks.com/index.php?ct=files&action=download&

http://files1.majorgeeks.com/ee8719c6136da3bc870c235ef3069b60/.../AudioSwitcher.exe

Scan AudioSwitcher.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.