toolspub2[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

toolspub2.exe
Size

190KB
MD5

a137245d8bc8109c4bc3df6e2b37d327
SHA1

ed8973e65b2aacb60683787831de37e7c805fa6c
SHA256

f342950ea78a3910911df852de530912090acea09b895e299d4ba0132ee146ee
SHA512

5d83e91ac5862c62d5b90418a75feaedcffb01aa2a396d1cb71c11d9dfbfb0e415d38687ce0736b7159f874835ace02f27d11067b2ab6b81f58a948f10fabc00
SSDEEP

3072:NmryVYLB2K+OZvhatgDcYYkTz1ICn55cD5WJA2Y:CLEKfZvlc4X13559X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
toolspub2.exe

Files

toolspub2.exe
.exe windows:5 windows x86

b402c7220872217841e38133c9655d5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameW
FindFirstFileW
SetThreadContext
FindFirstChangeNotificationW
PeekNamedPipe
SetEndOfFile
LoadResource
SetConsoleTextAttribute
GetLogicalDriveStringsW
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
GetConsoleAliasesLengthA
GetDateFormatA
ReadConsoleInputA
GetFileAttributesA
FileTimeToSystemTime
CreateFileW
GlobalUnlock
GetShortPathNameA
GetLastError
GetProcAddress
VirtualAlloc
BackupWrite
LoadLibraryA
CreateHardLinkW
SetFileApisToANSI
BeginUpdateResourceA
OpenJobObjectW
FoldStringA
FindFirstVolumeA
ReadConsoleOutputCharacterW
HeapSize
GetLocaleInfoA
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MultiByteToWideChar
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

ChangeMenuW
GetKeyNameTextA
GetClassInfoExA
GetMessageExtraInfo
LoadBitmapA
GetParent
LoadMenuA
DdeQueryStringW
CopyIcon
FlashWindow
CharToOemBuffW

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 28.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b402c7220872217841e38133c9655d5b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 130KB - Virtual size: 129KB

.data Size: 9KB - Virtual size: 28.3MB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 130KB - Virtual size: 129KB

.data
Size: 9KB - Virtual size: 28.3MB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 31KB - Virtual size: 31KB