home

SwitchToSession0.exe

Switch To Session 0

Core Technologies Consulting, LLC

This is a setup program which is used to install the application. The file has been seen being downloaded from www.coretechnologies.com.
Publisher:
Core Technologies Consulting, LLC  (signed and verified)

Product:
Switch To Session 0

Description:
SwitchToSession0

Version:
1, 4, 0, 15

MD5:
620ec46909f2260ff9d1d1bf4c4788c1

SHA-1:
2798df6f11f9b6e0c442e8b665e4d4e9e4bad530

SHA-256:
4c89d309c6296ef010f65bebc159c983cae441ec9142622602eba30cd9327544

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/25/2024 4:34:49 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Packed/PECompact
7.1.1

File size:
442 KB (452,656 bytes)

Product version:
1, 4, 0, 15

Copyright:
© 2013, Core Technologies Consulting, LLC

Original file name:
SwitchToSession0.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\switchtosession0.exe

Digital Signature
Signed by:
Core Technologies Consulting, LLC

Authority:
COMODO CA Limited

Valid from:
3/8/2012 4:00:00 PM

Valid to:
3/9/2017 3:59:59 PM

Subject:
CN="Core Technologies Consulting, LLC", O="Core Technologies Consulting, LLC", STREET=7028-B Thornhill Drive, L=Oakland, S=CA, PostalCode=94611, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D00935DF99CBA1C55CAFE1BFAB858701

File PE Metadata
Compilation timestamp:
5/18/2013 8:09:35 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:JqDT3TVK1LzJrBne45aUOZ4nL92zgrEd/fs6uqOGI:Jw3xKd/aV3fBuMI

Entry address:
0x1000

Entry point:
B8, 20, 49, 56, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, EB, E8, AF, D2, 1D, F8, 6A, CB, C2, CE, E9, 42, 60, FF, EF, 69, 92, D4, A4, B8, A4, CE, ED, 57, D6, 21, E3, E3, DF, 69, CE, 86, DD, 50, 8D, 0B, 38, 3E, 62, 46, 61, DB, FD, D8, A4, 1A, C8, CC, 8C, 4A, 59, 13, B7, AE, 36, 3B, 14, 03, BA, 3C, 61, 65, D0, 4B, 57, 7D, F1, 68, DF, 3B, E6, 0C, 8A, 9E, AF, 3F, 4B, 0E, 4B, 6D, AC, 36, 8D, 85, FA, EF, AB, EE, 8C, BF, 91, F6, AA...
 
[+]

Entropy:
7.9081

Packer / compiler:
PECompact v2

Code size:
866.5 KB (887,296 bytes)

The file SwitchToSession0.exe has been seen being distributed by the following URL.

http://www.coretechnologies.com/products/.../SwitchToSession0.exe

Scan SwitchToSession0.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.