ndstool[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ndstool.exe
Size

48KB
MD5

f9569cd6c265677410078efe6b5fbb80
SHA1

90aab69417fcaf6a576d5a6520fab91d72885fd8
SHA256

b8ba20f0ef1f5febe2f654e42f82f6a3bd96c5423cd77729d5c46a32a3f86461
SHA512

380cf52158f516d3a6973a2544938349da90042d97f3ccbe8b6456b6e2f653f18299a80ea2331dac865bc97beb87ba8870fb756b1bb21da5fcf48e87f5bc5a97
SSDEEP

1536:NpILdusMPtPBHZxowUTIILvWsSDtEztd3xr:ILAsmtP5owUTI6eswt473B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Users/s443552/Downloads/SDSME181/Data/ndstool.exe

Files

ndstool.exe
.zip

Password: 6!s0Y[9e@En{DdXg
Device/HarddiskVolume4/Users/s443552/Downloads/SDSME181/Data/ndstool.exe
.exe windows x86

Password: 6!s0Y[9e@En{DdXg

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json