home

mktools.sys

MANDIANT Corporation

Publisher:
MANDIANT Corporation  (signed and verified)

MD5:
d602b12a7b3e1443069276c739a65c21

SHA-1:
82aef793571b4295b5fdd522d7ada7309aac4372

SHA-256:
367547487d4c08700c636d58b06687225cfcd4adf2305ef581dff5122f9da66c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 12:19:24 AM UTC  (today)

File size:
17.6 KB (18,064 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Program Files\mandiant\mandiant intelligent response agent\mktools.sys

Digital Signature
Signed by:
MANDIANT Corporation

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
1/16/2008 5:00:00 PM

Valid to:
11/13/2009 4:59:59 PM

Subject:
CN=MANDIANT Corporation, OU=PRODUCT DEVELOPMENT, O=MANDIANT Corporation, L=Alexandria, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
0A0BBDDED69A6C6303CF5641FCD39FBC

File PE Metadata
Compilation timestamp:
6/5/2009 11:16:20 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
384:vUoy9DEQP6kgT9so03itF+FBIQBDYJLmxY1KI1:v3yeHkgT9so20FYWRL8YkI1

Entry address:
0x2D05

Entry point:
8B, FF, 55, 8B, EC, A1, 00, 17, 01, 00, 85, C0, B9, 4E, E6, 40, BB, 74, 04, 3B, C1, 75, 1A, A1, 30, 10, 01, 00, 8B, 00, 35, 00, 17, 01, 00, A3, 00, 17, 01, 00, 75, 07, 8B, C1, A3, 00, 17, 01, 00, F7, D0, A3, 04, 17, 01, 00, 5D, E9, CD, DB, FF, FF, CC, 6C, 2D, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FE, 2E, 00, 00, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 18, 2E, 00, 00, 2A, 2E, 00, 00, 36, 2E, 00, 00, 4E, 2E, 00, 00, 66, 2E, 00, 00, 7C, 2E, 00, 00, 86...
 
[+]

Entropy:
6.4712

Code size:
9.1 KB (9,344 bytes)

Scan mktools.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.