The ToolUnlock v10 7 exe File Malware Analysis
Gridinsoft Logo
File Icon

The ToolUnlock_v10.7.exe File Analysis

Updated 1 month ago
Checked by Malware Check
ToolUnlock_v10.7.exe

Technical Analysis

File Name ToolUnlock_v10.7.exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash
49152:MmWbzeOd3ev3MWHJH8ktGtOnLw/ZEIXjA79saRYLbZ7BAj:MmUk3MWHJH8ktGtOnUx/+9luUj
Scanner Version 1.0.229.174
Database Version 2025-11-25 09:00:30 UTC

Suspicious File Detected

Detected by 35 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
49%
Detection Rate
3,606,656
File Size (bytes)
35/72
Engines Detected
2025-11-25
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
b87e58d24c217fbe28848bd9797894b4
SHA1
bc5b5c37e8f1ec040a6b4ed00c19b4a4a865b22d
SHA256
01a0972f47dc15519a5a8788e83718842016e2bd23b926de0460e2ec007e153a
SHA512
839e82d8a908641394a4dd3654012983508c5fa94e95e5ceab6d910a6b24fd4bcd746898767e672e3ac7b6ab620a7e46142ba3e3cf05e5278cd185d0f72837de
ImpHash
d42595b695fc008ef2c56aabd8efd68e

Security Engines with Detections (35 of 72)

Bkav
W64.AIDetectMalware Malicious
Lionic
Trojan.Win32.Generic.4!c Malicious
Skyhigh
Artemis!Trojan Malicious
Malwarebytes
Malware.AI.4076230745 Malicious
Sangfor
Trojan.Win64.Kryptik.Vyzk Malicious
CrowdStrike
win/malicious_confidence_90% (W) Malicious
Symantec
ML.Attribute.HighConfidence Malicious
Elastic
malicious (high confidence) Malicious
ESET-NOD32
WinGo/Kryptik.LM trojan Malicious
TrendMicro-HouseCall
TrojanSpy.Win64.VIDAR.YXFKXZ Malicious
Paloalto
generic.ml Malicious
Kaspersky
HEUR:Trojan.Win64.Generic Malicious
Alibaba
Trojan:Win64/Kryptik.e1eff7a8 Malicious
Tencent
Win32.Trojan.FalseSign.Lzfl Malicious
Sophos
Mal/Generic-S Malicious
Google
Detected Malicious
F-Secure
Trojan.TR/AVI.PWS.Agent.ujext Malicious
TrendMicro
TrojanSpy.Win64.VIDAR.YXFKXZ Malicious
McAfeeD
ti!01A0972F47DC Malicious
CTX
exe.trojan.kryptik Malicious
Ikarus
Trojan-Spy.PWS.Agent Malicious
Varist
W64/ABTrojan.TJCA-7923 Malicious
Avira
TR/AVI.PWS.Agent.ujext Malicious
Kingsoft
Win64.Trojan.Generic.a Malicious
Microsoft
Trojan:Win32/Wacatac.B!ml Malicious
GData
Win64.Trojan.Agent.A3WFLZ Malicious
Cynet
Malicious (score: 99) Malicious
DeepInstinct
MALICIOUS Malicious
Cylance
Unsafe Malicious
Rising
Trojan.Kryptik!8.8 (CLOUD) Malicious
TrellixENS
Artemis!B87E58D24C21 Malicious
Fortinet
W64/GoKryptik.LM!tr Malicious
AVG
Win64:Evo-gen [Trj] Malicious
Avast
Win64:Evo-gen [Trj] Malicious
alibabacloud
Trojan:Multi/Wacatac.B9nj Malicious
37 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 3f579eea9d4d6387b704c00e302d7a49
Fuzzy: 5f6c8f10c5d196cb347d9c54c87a5cd6
dHash: 00cccccc4d003333
Image Base 0x00400000
Entry Point 0x00469c80
Compilation Time 1970-01-01 00:00:00
Checksum 0x0037bf34 (Actual: 0x0037bf34)
OS Version 6.1
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature Chain verification from CN=www.deepl.com (serial:584820824696458301606081991832954210145855, sha1:5b64b4b290a05951db2ed345cb33c557fcc3ff87) failed: Unable to build a validation path for the certificate "Common Name: www.deepl.com" - no issuer matching "Common Name: E8" was found
Imports 1 libraries
kernel32
Exports 0 functions
Resources 18 Resources
Sections 9 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 880,881 bytes 881,152 bytes 6.17 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ F72F16B6BBC9FD058EE10647BB5D57D7
.rdata 0x000d9000 2,151,912 bytes 2,151,936 bytes 6.91 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D9866A2A07ABDC76CD8E64CBCE9A35B8
.data 0x002e7000 331,616 bytes 33,792 bytes 2.73 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3081D1A1864916CBE8AFB081FEBF9C4C
.pdata 0x00338000 18,792 bytes 18,944 bytes 5.22 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6E6A76C5C9B83588EE3A9ED48D698117
.xdata 0x0033d000 168 bytes 512 bytes 1.69 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 04199EB388FDDC5A1835056831EEDFF6
.idata 0x0033e000 1,342 bytes 1,536 bytes 4.01 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 633C8EAD4B5505CA7522C2157F56569B
.reloc 0x0033f000 13,928 bytes 14,336 bytes 5.41 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 800E88B63C735967C69231C4DDC89647
.symtab 0x00343000 119,761 bytes 119,808 bytes 5.06 (Normal) IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5F76588138E830E1AB42A01A9018B777
.rsrc 0x00361000 380,910 bytes 380,928 bytes 4.94 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 56A15250780E074ADB0860C7714DDAEC
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 18 (379,905 bytes)
Resource Type Count Total Size Percentage
RT_BITMAP 1 1,638 bytes
0.4%
RT_ICON 8 376,235 bytes
99%
RT_DIALOG 7 1,908 bytes
0.5%
RT_GROUP_ICON 2 124 bytes
0%

Certificate Chain Analysis

Certificate Information
Verification Status A certificate chain could not be built to a trusted root authority.
Certificate Chain Summary
www.deepl.com #1 Primary
Validity Period: 2025-11-19 16:15:37 → 2026-02-17 16:15:36
Signature Algorithm: sha256RSA
Serial Number: 06 B6 A2 49 D6 A2 59 19 0D A2 8C 1D EC B9 72 9C D6 3F

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

Chain verification from CN=www.deepl.com (serial:584820824696458301606081991832954210145855, sha1:5b64b4b290a05951db2ed345cb33c557fcc3ff87) failed: Unable to build a validation path for the certificate "Common Name: www.deepl.com" - no issuer matching "Common Name: E8" was found

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
35 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware