PETools[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

PETools.exe
Size

1.1MB
MD5

a926b22e1db3b1dee31553184d653ef4
SHA1

0cc211039f4febc3cca2476d5b985c8e0eb0fc81
SHA256

8fd1a1cc1a253fd58693c181895d392ba20fc2a638aaecbc2e8f5d004db8fc27
SHA512

da202cb3875c417bf757366dc8dc3278b9fbc627ecac720e52cc4ef6b136fab044f9ab1bec9a164af6cefe2a5f119bf451d59a3c041b5a83d7e7ebc2e422df4b
SSDEEP

12288:NSY9DeF40czDvWtoD3j+xq+8u/0OmC8tkaCom5r5SZDnKtTgT+b1VBW5akpkLR4v:L620cz6+Dzo8Oh8I5StnKtTgyb1XW5j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PETools.exe

Files

PETools.exe
.exe windows:5 windows x86 arch:x86

896d88db0161dd9ab4b5ce4f5ef9929e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord6
CreateToolbarEx
ImageList_Remove
InitCommonControlsEx
ord17
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy

shlwapi

PathFindExtensionA

kernel32

IsBadReadPtr
IsBadStringPtrA
HeapAlloc
HeapFree
GetProcessHeap
CreateThread
ExitThread
SetEvent
WaitForSingleObject
lstrcatA
CreateEventA
DeleteFileA
MulDiv
GetProcAddress
VirtualAlloc
OpenProcess
lstrcmpA
GlobalMemoryStatus
VirtualQuery
SetFilePointer
GetFileTime
GetSystemTimeAsFileTime
GetSystemInfo
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetModuleFileNameA
GlobalReAlloc
FlushFileBuffers
DeviceIoControl
SetEndOfFile
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
VirtualQueryEx
GetLastError
IsBadWritePtr
LocalAlloc
LocalFree
GetCurrentProcess
ExitProcess
GetLocalTime
SetProcessShutdownParameters
SetCurrentDirectoryA
GetCurrentDirectoryA
SetPriorityClass
GetPriorityClass
GetLongPathNameA
SetFileAttributesA
CopyFileA
FileTimeToSystemTime
FindNextFileA
ReadFile
GetNativeSystemInfo
GetFileAttributesA
GetEnvironmentVariableA
HeapReAlloc
GetPrivateProfileStructA
WritePrivateProfileStructA
GetFileSize
WideCharToMultiByte
TerminateThread
OutputDebugStringW
GetConsoleCP
GetStringTypeW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
LoadLibraryExW
GetModuleFileNameW
GetStdHandle
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThreadId
SetLastError
IsDebuggerPresent
HeapSize
GetCommandLineA
AreFileApisANSI
GetModuleHandleExW
IsProcessorFeaturePresent
RtlUnwind
CreateFileW
RaiseException
DecodePointer
EncodePointer
lstrcmpiA
MultiByteToWideChar
FindFirstFileA
CreateFileA
GetTempFileNameA
GetTempPathA
OutputDebugStringA
CreateProcessA
lstrcpynA
GetTickCount
CloseHandle
FindClose
WriteFile
ResumeThread
WriteProcessMemory
ReadProcessMemory
TerminateProcess
VirtualProtectEx
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrcpyA
GetModuleHandleA
GetVersion
SetStdHandle
WriteConsoleW
LoadLibraryA

user32

SetWindowPlacement
GetWindowPlacement
DestroyWindow
UnregisterClassA
RegisterClassA
PostQuitMessage
DispatchMessageA
CreateDialogParamA
GetMessageA
RemoveMenu
GetDlgItemInt
EnableMenuItem
CheckRadioButton
IsWindow
DefDlgProcA
CharLowerBuffA
SetTimer
CheckMenuItem
KillTimer
LoadAcceleratorsA
DestroyAcceleratorTable
TranslateAcceleratorA
GetMenu
GetSystemMenu
TranslateMessage
SendMessageA
PostMessageA
SetWindowPos
DialogBoxParamA
EndDialog
GetDlgItem
wvsprintfA
GetParent
FillRect
InsertMenuItemA
GetWindowRect
IsMenu
SetDlgItemInt
IsDialogMessageA
CheckMenuRadioItem
SetMenuItemInfoA
GetSysColor
SetActiveWindow
GetWindowLongA
EndPaint
BeginPaint
UpdateWindow
ReleaseDC
GetDC
LoadImageA
DestroyIcon
RedrawWindow
CharLowerA
MoveWindow
MapWindowPoints
EnableWindow
ShowWindow
LoadIconA
GetSystemMetrics
SetWindowLongA
GetWindowTextA
SetFocus
CharUpperA
EmptyClipboard
EnumClipboardFormats
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetClassInfoA
CallWindowProcA
SetWindowTextA
IsDlgButtonChecked
CheckDlgButton
ClientToScreen
GetCursorPos
MessageBoxA
TrackPopupMenu
AppendMenuA
DestroyMenu
CreatePopupMenu
GetActiveWindow
GetDlgItemTextA
wsprintfA
DestroyCursor
LoadCursorA
LoadBitmapA
GetSysColorBrush
ChildWindowFromPoint
SetCursor
GetClientRect
InvalidateRect
SendDlgItemMessageA
SetDlgItemTextA
FindWindowA

gdi32

MoveToEx
LineTo
CreatePen
GetDeviceCaps
GetObjectA
SetTextColor
SetBkMode
SelectObject
GetStockObject
DeleteObject
CreateSolidBrush
CreateFontIndirectA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegQueryValueExA
GetUserNameA

shell32

DragAcceptFiles
DragQueryFileA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetFileInfoA
DragFinish
ShellExecuteA

ole32

CoCreateInstance

imagehlp

BindImageEx
ImageRvaToSection
CheckSumMappedFile
ImageRvaToVa
ImageNtHeader

hedit

HESetInternalOptions
HEShowWindow

rebpe

DumpFix
DumpFixer64
RebuildResourceDirectoryMemory32
ResizeFile
DumpFixer32
ReBasePEImage
ValidateDump32
ValidatePE
WipeReloc
RebuildPE

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 704KB - Virtual size: 703KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

896d88db0161dd9ab4b5ce4f5ef9929e

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

imagehlp

hedit

rebpe

Sections

.text Size: 285KB - Virtual size: 285KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 33KB - Virtual size: 58KB

.rsrc Size: 704KB - Virtual size: 703KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 285KB - Virtual size: 285KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 33KB - Virtual size: 58KB

.rsrc
Size: 704KB - Virtual size: 703KB

.reloc
Size: 25KB - Virtual size: 24KB