gtsplus-proxymanager[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gtsplus-proxymanager.exe
Size

37KB
MD5

4f067c51720ef4d64c22295ad9cfb14e
SHA1

763800b07fc878f09b65d42818dfd669c87afb0e
SHA256

3dbc2c89b1d525c733214282dd614e336c5bac651ce1adb6af259fb84795089c
SHA512

333ece3478cc96e1382e2934f9007610282a5d64f33e690688111a61ea42f8f1ec0e33d1890fc2b885223f89e2310e89ec657f46fe22c6ded22752c592dfdc82
SSDEEP

384:t00UmhmAzFvgoiuTZySr7MPvBQWNVIBREwYjMyuEZl:tMWBvgoiC/MlmRV8MhEZl

Score

1^/10

Malware Config

Signatures

Files

gtsplus-proxymanager.exe
.exe windows x86

Code Sign

1f:00:00:00:07:e2:bd:eb:22:ae:16:5a:f1:00:00:00:00:00:07
Certificate

Issuer

CN=G2-ECC-GTS-AL-SIGNING3,OU=TPCA,O=TMNA,C=US

Not Before

09/09/2022, 21:32

Not After

09/10/2023, 21:42

Subject

CN=AgentLite.sign,OU=CCS,O=Toyota Motor North America,L=Plano,ST=Texas,C=US

4d:a8:27:36:df:0c:e9:57:00:0a:48:4a:91:c6:45:ba:3f:5d:b2:18:10:dd:22:e9:86:40:72:be:f3:88:e6:4b
Signer

Actual PE Digest

4d:a8:27:36:df:0c:e9:57:00:0a:48:4a:91:c6:45:ba:3f:5d:b2:18:10:dd:22:e9:86:40:72:be:f3:88:e6:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 20KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ