BLTools[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BLTools.exe
Size

592KB
MD5

e79f0b7128f60b11afb6c2752aeb6461
SHA1

1a694782f5e5f108464373035e52de05b0b43a7f
SHA256

2465099d1d8afd54d4eccd0c3ef65ff7591beb59fe6fff501ee535733ae4242b
SHA512

f4d258d604fa29c619c817b27403ac9cca10fe199e2424262ff041add9e7a27de8efc2f5e71535dbcf063aaaa92cc0bea633b07383c77a39829f6b1447724718
SSDEEP

12288:C9w16LhK3JOgG8GmDPNYnIDjDXSHwlzOCP6LckM5B7oIJ:Gw6Lk3UbZAYejrEaiy5BEI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BLTools.exe

Files

BLTools.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ