home

hosts.exe

Switch Hosts

BKHN

This is a setup program which is used to install the application. The file has been seen being downloaded from www.tools.toflo.de.
Publisher:
BKHN

Product:
Switch Hosts

Version:
1.00

MD5:
d1c67c76387c48bab15c45e4c8c7b925

SHA-1:
d6ac712f519bf65663c223611aca161c619a5b02

SHA-256:
89c0932a0ee50ac0b9d1f1a936a311beddb325c124f11b11c5d461cd96f07936

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 9:13:17 AM UTC  (today)

Scan engine
Detection
Engine version

Comodo Security
UnclassifiedMalware
23921

ESET NOD32
probably unknown NewHeur_PE virus
7.0.302.0

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.9.5.0

File size:
64 KB (65,536 bytes)

Product version:
1.00

Original file name:
Switch Hosts.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\hosts.exe

File PE Metadata
Compilation timestamp:
2/13/2012 5:44:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:oGbONO7zEYOug/mIBOvzbTzUM8ojgxKUEKdNSTbAQ9d75lixVBUeZUYcOangJ/9U:zD7PxSEfepzaokMnMv0

Entry address:
0x1B50

Entry point:
68, 3C, 2C, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 68, 00, 00, 00, 40, 00, 00, 00, 86, 7D, 6A, C3, 0B, D5, B7, 44, A5, 99, D2, EC, C5, 71, AC, 61, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 53, 77, 69, 74, 63, 68, 48, 6F, 73, 74, 73, 00, 00, 00, 00, 00, 53, 77, 69, 74, 63, 68, 20, 48, 6F, 73, 74, 73, 20, 2D, 20, 42, 61, 74, 63, 68, 20, 48, 6F, 73, 74, 66, 69, 6C, 65, 2D, 53, 77, 69, 74, 63, 68, 65, 72, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0B, ED, 5B, 21...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
52 KB (53,248 bytes)

The file hosts.exe has been seen being distributed by the following URL.

http://www.tools.toflo.de/.../Switch Hosts.exe

Scan hosts.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.