Hantools.exe

Hantools Setup

DreamWiz Internet Co.,Ltd

The executable Hantools.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Copyright(C) 2012 by neocoms all right reserve  (signed by DreamWiz Internet Co.,Ltd)

Product:
Hantools Setup

Version:
2.0.0.5

MD5:
41658a64bb2732caaa2a3b1e9cc68ee2

SHA-1:
f772184756853e61994a0b216d5c07c5dc829d87

SHA-256:
1426107cbd6ecd21c34e7ccf364d113bdcf459b45bbf6ea63d8d3e0c08470f4f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 1:36:02 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.7.29.10

File size:
2.9 MB (3,013,712 bytes)

Product version:
2.0.0.0

Original file name:
Hantools.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\hantools.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/6/2013 9:00:00 AM

Valid to:
12/7/2015 8:59:59 AM

Subject:
CN="DreamWiz Internet Co.,Ltd", OU=IT Team, O="DreamWiz Internet Co.,Ltd", L=Guro-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
12DB999BC9533C57564CC89CAC820B20

File PE Metadata
Compilation timestamp:
10/22/2014 5:06:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:e63sEl0rtm+EMSJu5HZHH676TNUowCr7VXuu5Yj8Y2tj:eiOBb26hU8Vr5Yj0

Entry address:
0x1BDD18

Entry point:
55, 8B, EC, 83, C4, F0, B8, D0, 3F, 5B, 00, E8, 8C, CA, E4, FF, A1, F8, 62, 5C, 00, 8B, 00, E8, F0, B5, F5, FF, A1, F8, 62, 5C, 00, 8B, 00, B2, 01, E8, E2, D2, F5, FF, 8B, 0D, 1C, 66, 5C, 00, A1, F8, 62, 5C, 00, 8B, 00, 8B, 15, 50, 11, 5B, 00, E8, E2, B5, F5, FF, A1, F8, 62, 5C, 00, 8B, 00, E8, 2E, B7, F5, FF, E8, 09, 8B, E4, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.5058

Developed / compiled with:
Microsoft Visual C++

Code size:
1.7 MB (1,822,208 bytes)
