toolspub2[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

toolspub2.exe
Size

178KB
MD5

05d2cf367964e2a1f8c83a9df167e836
SHA1

d12c5cc51b1ee41815c5af5f279a620ba84ac407
SHA256

0f73dc9673062de7bb486da601791e67e78e9aaae6a1dc5fabbdf5abe5fcc058
SHA512

c3b9b57609b8c499c0eeadad5ac00f7e329dd064650d1f7762c1cc0d56be961ea9db178624a847cf71b7bfa52e275595514a6288ace7f557c56e42d37e72118d
SSDEEP

3072:R4qdWTLGklFGCBTk6MuMJo9aMkwtDJsT3i6IaGWK3MkCRMk5Ds:R4qATL5nGIk6zGo9aMFfsDSaGD8k4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
toolspub2.exe

Files

toolspub2.exe
.exe windows:5 windows x86 arch:x86

ecb24c3a29b2e8e22d97dc82aab435bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
WriteConsoleOutputCharacterA
InterlockedDecrement
QueryDosDeviceA
InterlockedCompareExchange
SetComputerNameW
GetComputerNameW
GetTickCount
VirtualFree
GlobalFindAtomA
LoadLibraryW
SetCommConfig
SetConsoleMode
GetWriteWatch
WriteConsoleW
SetComputerNameExW
SetThreadPriority
GetStartupInfoW
GetConsoleAliasesLengthW
SetLastError
GetProcAddress
VirtualAlloc
InterlockedExchangeAdd
LocalAlloc
CreateHardLinkW
TransmitCommChar
AddAtomW
FindFirstVolumeMountPointA
GetModuleHandleA
IsDebuggerPresent
GetStringTypeW
GetCurrentProcessId
SetFileAttributesW
DeleteFileA
lstrcpyA
WriteConsoleOutputCharacterW
GetNativeSystemInfo
FindFirstChangeNotificationW
GetLastError
GetComputerNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
HeapFree
RaiseException
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
HeapSize

gdi32

StrokeAndFillPath
GetCharABCWidthsFloatW

advapi32

SetKernelObjectSecurity

shell32

ShellAboutA

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ecb24c3a29b2e8e22d97dc82aab435bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

advapi32

shell32

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 4.1MB

.rsrc Size: 30KB - Virtual size: 30KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 4.1MB

.rsrc
Size: 30KB - Virtual size: 30KB