MicrosoftToolkit[.]exe | Triage

Sharing

General

Target

MicrosoftToolkit.exe
Size

317.1MB
MD5

d3086e8a000add3d507a72d464e82e4b
SHA1

16de80b98ac8cbb17863662fa1d02b6cd3151628
SHA256

2a9b1c1f730c4146ff4356e3c5b6329ff5ea6f022d51146b61df8d276afd90df
SHA512

6ed6edd5bc1604bdaecbb2b2181bdc5820d53d90477f47980aa14bbc1c081c0e178b524bb972e13df6fa134403d7ff3ac6fd6772857c32f69f7dd0efef0a839e
SSDEEP

196608:WXnfk307gaHtQJhl4b9m/yNhnrH1PY0Zh4e:WXn830cI+lr/yNhnrVPzh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MicrosoftToolkit.exe

Files

MicrosoftToolkit.exe
.exe windows:6 windows x86 arch:x86

cc4d418dcfe8a887ed78a3c1e2af0b5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

.text
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

[0]
Size: 311.3MB - Virtual size: 311.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.;^K
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

./JR
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.J%g
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ