SHA256: f8d02d9c20b45e4b558080e332beb710719151533b30c25cc53984d88ccc6769
Detection ratio: 25 / 66
Analysis date: 2018-02-21 07:47:49 UTC ( 1 year ago )
Antivirus Result Update
AegisLab Troj.Gen!c 20180221
Avast FileRepMalware 20180221
AVG FileRepMalware 20180221
Avira (no cloud) TR/Crypt.ZPACK.nhtdx 20180220
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180208
Comodo Heur.Packed.Unknown 20180221
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cybereason malicious.77ab53 20180205
Cylance Unsafe 20180221
DrWeb Trojan.Inject3.3248 20180221
Endgame malicious (high confidence) 20180216
ESET-NOD32 a variant of Win32/GenKryptik.BQSH 20180221
Fortinet W32/GenKryptik.BQSH!tr 20180221
GData Win32.Backdoor.Zeus.6MHF46 20180221
Ikarus Win32.Outbreak 20180220
Kaspersky Trojan-Spy.Win32.Panda.akc 20180221
McAfee Artemis!951F4AD1ACD4 20180221
McAfee-GW-Edition BehavesLike.Win32.Gupboot.ch 20180221
Palo Alto Networks (Known Signatures) generic.ml 20180221
Rising Trojan.Crypto!8.364 (TFE:4:iP24Hqrus3F) 20180221
Sophos AV Mal/Generic-S 20180221
Symantec Trojan.Gen.2 20180221
Tencent Suspicious.Heuristic.Gen.b.0 20180221
Webroot W32.Trojan.Gen 20180221
ZoneAlarm by Check Point Trojan-Spy.Win32.Panda.akc 20180221
Ad-Aware 20180221
AhnLab-V3 20180220
Alibaba 20180216
ALYac 20180221
Antiy-AVL 20180221
Arcabit 20180221
Avast-Mobile 20180220
AVware 20180221
BitDefender 20180221
Bkav 20180212
CAT-QuickHeal 20180221
ClamAV 20180221
CMC 20180221
Cyren 20180221
eGambit 20180221
Emsisoft 20180221
F-Prot 20180221
F-Secure 20180221
Sophos ML 20180121
Jiangmin 20180221
K7AntiVirus 20180221
K7GW 20180221
Kingsoft 20180221
Malwarebytes 20180221
MAX 20180221
Microsoft 20180221
eScan 20180221
NANO-Antivirus 20180221
nProtect 20180221
Panda 20180220
Qihoo-360 20180221
SentinelOne (Static ML) 20180115
SUPERAntiSpyware 20180221
Symantec Mobile Insight 20180220
TheHacker 20180219
TrendMicro 20180221
Trustlook 20180221
VBA32 20180220
VIPRE 20180221
ViRobot 20180221
WhiteArmor 20180205
Yandex 20180220
Zillya 20180220
Zoner 20180221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product HLTooLz
Original name HLTooLz.exe
Internal name HLTooLz
File version 1.07
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-03 13:12:23
Entry Point 0x000053F1
Number of sections 5
PE sections
PE imports
LookupPrivilegeValueA
RegCloseKey
LookupAccountSidW
QueryServiceObjectSecurity
OpenServiceW
AdjustTokenPrivileges
ControlService
DeleteService
CryptHashData
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
CloseServiceHandle
ChangeServiceConfig2W
CreateWellKnownSid
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
SetServiceObjectSecurity
CreateServiceW
CryptReleaseContext
CryptAcquireContextA
SetServiceStatus
RegQueryInfoKeyW
RegisterServiceCtrlHandlerW
GetSecurityDescriptorDacl
RegEnumKeyExW
BuildExplicitAccessWithNameW
CryptDestroyHash
SetEntriesInAclW
QueryServiceConfigW
FreeSid
CryptGetHashParam
OpenSCManagerW
InitializeSecurityDescriptor
QueryServiceStatusEx
StartServiceCtrlDispatcherW
OpenSCManagerA
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CertFindCertificateInStore
CryptMsgClose
CertGetNameStringW
CryptMsgGetParam
GetStdHandle
GetDriveTypeW
WaitForSingleObject
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
TlsGetValue
Process32FirstW
SetLastError
InterlockedDecrement
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
HeapSetInformation
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetPrivateProfileStringW
GlobalAddAtomW
CreateThread
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
ConvertDefaultLocale
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GetFileSize
GetWindowsDirectoryA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
FindFirstFileA
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
Process32NextW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
CancelIo
RaiseException
TlsFree
SetFilePointer
DeleteVolumeMountPointW
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetConsoleAliasExesLengthA
IsValidCodePage
HeapCreate
CreateProcessW
GetLongPathNameA
Sleep
UuidToStringW
RpcStringFreeW
SHGetFolderPathW
PathQuoteSpacesW
PathRemoveFileSpecW
PathAppendW
PathUnquoteSpacesW
PathStripToRootW
LoadStringA
wsprintfW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WinVerifyTrust
CoCreateGuid
Number of PE resources by type
RT_ICON 12
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.7.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 66048
EntryPoint 0x53f1
OriginalFileName HLTooLz.exe
MIMEType application/octet-stream
FileVersion 1.07
TimeStamp 2017:11:03 14:12:23+01:00
FileType Win32 EXE
PEType PE32
InternalName HLTooLz
ProductVersion 1.07
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 103424
ProductName HLTooLz
ProductVersionNumber 1.7.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 951f4ad1acd41333dbd9ddf0403770ec
SHA1 f93b5e477ab530748db8c3f7294fca1dcefe7e0e
SHA256 f8d02d9c20b45e4b558080e332beb710719151533b30c25cc53984d88ccc6769
ssdeep 3072:XFdqpNsOFom1bFkx8vbA0m9/Xsm/Ptm8wxtxwAOFi8pvW7sTD1yZ14sH8u:XFdmlovxYU2H8KtxbEFvDnq4g8
authentihash d5eee7c056ca8877efaeb8305d846b33ec63bd0d4b472dfb467e177519cd5833
imphash 64bcd7d0224b49b646a3874757a90b4f
File size 166.0 KB ( 169984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.9%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Tags peexe
VirusTotal metadata
First submission 2018-02-20 16:50:52 UTC ( 1 year ago )
Last submission 2018-06-11 12:13:34 UTC ( 8 months, 2 weeks ago )
File names searchN35IH0BU.exe
HLTooLz
HLTooLz.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs