md5tool.exe

MD5:
42436f04b27a08372c678e0cb1e020a4

SHA-1:
11c917194e9dca1513d11e9dfc7ac21ca49964bf

SHA-256:
f9573985d9c62879407d40dc6fbdc4d7749ce09a6a07ec4afd2857e76b0d69aa

Scanner detections:
6 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
4/20/2024 4:36:30 AM UTC

Scan engine              Detection                 Engine version
Agnitum Outpost          Backdoor.Psychward        7.1.1
Bkav FE                  HW32.Packed               1.3.0.7383
McAfee                   Artemis!42436F04B27A      5600.6556
Quick Heal               (Suspicious) - DNAScan    12.15.14.00
Trend Micro House Call   PAK_Generic.001           7.2.344
Trend Micro              PAK_Generic.001           10.465.10

File size:
34.7 KB (35,518 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\md5tool.exe

File PE Metadata
Compilation timestamp:
1/12/2004 7:42:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

CTPH (ssdeep):
384:DRbUVbNZnFdbNa7k9iv6HLYbNLbphdSQQiZ+2TQPk182KPajQ53wZvOkWkLON3qU:iZF/n9IsSViis2ks4PX3EYMW4cVZ

Entry address:
0xE064

Entry point:
E9, A6, 00, 00, 00, 44, F8, 40, 00, 2C, E0, 40, 00, 28, E0, 40, 00, 00, 00, 00, 00, 44, 28, 00, 00, 26, E1, 40, 00, 4E, 65, 6F, 4C, 69, 74, 65, 20, 45, 78, 65, 63, 75, 74, 61, 62, 6C, 65, 20, 46, 69, 6C, 65, 20, 43, 6F, 6D, 70, 72, 65, 73, 73, 6F, 72, 0D, 0A, 43, 6F, 70, 79, 72, 69, 67, 68, 74, 20, 28, 63, 29, 20, 31, 39, 39, 38, 2C, 31, 39, 39, 39, 20, 4E, 65, 6F, 57, 6F, 72, 78, 20, 49, 6E, 63, 0D, 0A, 50, 6F, 72, 74, 69, 6F, 6E, 73, 20, 43, 6F, 70, 79, 72, 69, 67, 68, 74, 20, 28, 63, 29, 20, 31, 39, 39...
Entropy:
7.0448

Packer / compiler:
NeoLite v2.0

Code size:
8 KB (8,192 bytes)

The file md5tool.exe has been seen being distributed by the following URL.

Scan md5tool.exe - Powered by Reason Core Security