RunTools.exe

Chencheng Cai

The application RunTools.exe by Chencheng Cai has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Chencheng Cai  (signed and verified)

MD5:
e313cc7746b741354716715be8b30710

SHA-1:
45d7c5a11902f05d2798ba5158a349f9224cf4d4

SHA-256:
b5437091f9183d88018215a15ab9bb5f09f317934a50d7e067fad90a69b8aa0d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
2/25/2025 6:14:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.10.19.9

File size:
278.5 KB (285,232 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\winzipper\ucp~6214284\runtools.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/19/2016 7:00:00 AM

Valid to:
9/23/2017 6:59:59 AM

Subject:
CN=Chencheng Cai, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
437EFF18668F2949A8387EF2021D76B8

File PE Metadata
Compilation timestamp:
10/19/2016 10:52:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:zdXo/UeMAW6sTbEcsiaD2FEO7C9cEpdrl5x0zFLlTPDi/ypbGR+NPenwMp7zY07F:zcUMrsTbEcmCHTEbABlTPW/yYRntXF

Entry address:
0x1362

Entry point:
E8, 1F, 89, 00, 00, E9, 38, B2, 01, 00, 66, 8B, 02, 66, 89, 01, C3, 55, 8B, EC, FF, 75, 08, E8, E0, 4D, 00, 00, 59, FF, 75, 08, FF, 15, 7C, 31, 43, 00, CC, 6A, 64, 68, 60, BB, 43, 00, E8, FB, BC, 01, 00, 6A, 0B, E8, 0F, 35, 00, 00, 59, 33, DB, 89, 5D, FC, 6A, 40, 6A, 20, 5F, 57, E8, FD, 18, 00, 00, 59, 59, 8B, C8, 89, 4D, DC, 85, C9, 75, 1B, 6A, FE, 8D, 45, F0, 50, 68, B0, E1, 43, 00, E8, A8, E9, 01, 00, 83, C4, 0C, 83, C8, FF, E9, 55, 02, 00, 00, A3, E8, 09, 44, 00, 89, 3D, D8, 11, 44, 00, 05, 00, 08, 00...
 

Code size:
198.5 KB (203,264 bytes)
