hashtool.exe

KRyLack File Checksum Tool

Serhiy Horobets

This file is a setup program used to install the application. It has been seen being downloaded from dl.krylack.com.

Publisher:
Serhiy Horobets

Product:
KRyLack File Checksum Tool

Version:
1.05.07

MD5:
70e3417ad59c9acaea0f13db02ebc004

SHA-1:
cd2cc4b41a1551ac202133813be9a6e94a828d8a

SHA-256:
c26d67bf0e687eed07b1b2be976224ec874544909e3596e87b0132a0c5e36ecc

Scanner detections:
2 / 68

Status:
Clean (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/5/2025 4:44:09 PM UTC

Scan engine | Detection | Engine version
Bkav FE | HW32.TsCabk | 1.3.0.4923
Trend Micro House Call | TROJ_GEN.F47V0120 | 7.2.188

File size:
1.2 MB (1,300,480 bytes)

Product version:
1.05.07

Copyright:
Copyright © 2010 Serhiy Horobets. All rights reserved.

Original file name:
hashtool.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\hashtool.exe

File PE Metadata
Compilation timestamp:
9/29/2010 11:29:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:ftWSaFk4Yl2qOTMTUaKr5kwqH24v+D7dOwuixyR121aobAW:fSxZqYIaTIs5ruiE1gAW

Entry address:
0x3C9974

Entry point:
E8, 3B, FF, FF, FF, 05, 06, 32, 00, 00, FF, E0, E8, 2F, FF, FF, FF, 05, CF, 1B, 00, 00, FF, E0, E8, 04, 00, 00, 00, FF, FF, FF, FF, 5E, C3, 00, 1F, A4, C9, 7E, 0E, 4D, B7, B3, 2D, 09, B6, 82, 2C, C7, C0, BB, 1D, D0, 15, 50, 59, 5A, EC, 14, 13, F9, 1B, AD, 0E, 87, 5E, 17, 69, C7, BE, 9D, 57, 02, CA, 92, E6, 66, EB, A8, B1, EE, 0C, C3, 54, 07, AA, 90, B9, A4, C4, 86, 6B, F2, 02, 92, 94, F5, 4D, 80, 85, 9A, 32, 51, 30, 3A, FE, 55, 51, A4, D4, 9E, B0, 2C, AB, 76, 30, 8C, 81, FE, 34, 99, 0B, 32, D1, 95, B0, 36...
 
Entropy:
7.9420 (probably packed)

Code size:
1.4 MB (1,513,472 bytes)

The file hashtool.exe has been seen being distributed by the following URL.
