IO tootls[.]exe | Triage

Sharing

General

Target

IO tootls.exe
Size

207KB
MD5

5afd3e0ac701a47f48772af3c5eb54d1
SHA1

ac20c5db48d258c9f00845fb3508e90d4f3187ae
SHA256

6060fb48cc4a123bb9a64f8854f8c5253dc125194469f2e4b0821d4248f14c3c
SHA512

24329cf850d5578c13799f093394c619ece7c0ba36a79fc57084e9c1da38d119e39bc27e5e91de12c1426bf1fe7131060ce3a20fc566d90525a99e4da914337b
SSDEEP

6144:rJX6OJ0PS7eEcJWIUPjw7B5oZKH4FIlhuc4w1VVcKGwO9t:94SqE4q7coY4ShucV43

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
IO tootls.exe

Files

IO tootls.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ