Tools[.]exe | Triage

Sharing

General

Target

Tools.exe
Size

17.8MB
MD5

6f9a824001b0124db66f808ecab25cbd
SHA1

539b08d754fc3eb100ac189c9ae4ac100fd0ed0c
SHA256

a868724002d7af3c0ed880a3b56f2256d4c60d4bcd61bd5607b894aa72b51423
SHA512

0c6371b0e5749f3c029eb89fa94c1751a9b1f552654df2e2acb595b513dfadff2875dbc5f40bf268f682387a0c62514b90f5705d7110b3d07853bd4a978ca1c4
SSDEEP

393216:VEVCNjvwNIJfa86uq97Nw3qi6LjwrtOquHNb5uXdKDL+i:CVCNrSIQ86p9ia/MtjuHx8Xkqi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Tools.exe

Files

Tools.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 17.6MB - Virtual size: 17.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ