ERTool_v1[.]4[.]4[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ERTool_v1.4.4.exe
Size

197KB
MD5

2a14f856acf5bb88efd2c83962b329e1
SHA1

0a49082249f162466be5b344352c19e96e1dab6d
SHA256

a0c79d3f3814ec4bd8d98e4d3b9f777844d0980c8735bb5051a217ecfb95f8ce
SHA512

29189b105612f01bd6c71259a336e129993b02a33d840702e8a197099dcf0ba39bdb9c77b814ccd5bc8dd8fa2a22bb9fea1c6a58df30d6043b85c923ac9ca44f
SSDEEP

3072:AGN7A/c9rVqJN+mGZpREr5Cuz6+fktx3Ukc0q+duwW:DyN+xZ0kxk/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ERTool_v1.4.4.exe

Files

ERTool_v1.4.4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\code\csproj\EldenRingTool\obj\Release\EldenRingTool.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ