The ToolUnlock_v9.7.exe File Analysis

Technical Analysis

File Name: ToolUnlock_v9.7.exe
File Type: Win32 EXE
Magic Bytes: PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash: 49152:Ka3pBR3Rda6hJzGc/5Wxetl3x4QEIUVEoqX:KaaMGuGwRQvqX
Scanner Version: 1.0.229.174
Database Version: 2025-11-14 18:00:17 UTC

Suspicious File Detected

Detected by 11 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate: 15%
File Size (bytes): 3,795,832
Engines Detected: 11/72
Analysis Date: 2025-11-14

File Identification

MD5: 33b692635855211c2e7b3116b1655de2
SHA1: 6576e38cfc00b9654cbc2ef4a40ec2b41ef91f89
SHA256: d1071c0a2815e3174ca602277016bcbc8cbb5020de5cf0e60576bbfed3a00dd7
SHA512: 7e0b4502393ddfbbdc4a1d4635dfff7431f2d285943a4bb222414d5758ea07582f39a263577da4876e778a19972129133bf8863f9e08f548769c4ccb1a9be4be
ImpHash: d42595b695fc008ef2c56aabd8efd68e

Security Engines with Detections (11 of 72)

Bkav: W64.AIDetectMalware - Malicious
Malwarebytes: Spyware.Lumma - Malicious
Symantec: ML.Attribute.HighConfidence - Malicious
Elastic: malicious (high confidence) - Malicious
ESET-NOD32: WinGo/Kryptik.MH trojan - Malicious
Avast: Win64:Evo-gen [Trj] - Malicious
McAfeeD: ti!D1071C0A2815 - Malicious
Microsoft: Trojan:Win32/Wacatac.C!ml - Malicious
AhnLab-V3: Trojan/Win.Evo-gen.R735793 - Malicious
Yandex: Trojan.PWS.Stealerc!AU3R/0GFsd8 - Malicious
AVG: Win64:Evo-gen [Trj] - Malicious

61 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
  Hash: 9611de054368dc85ed6ffb8ef709068d
  Fuzzy: a8491f4ffe8dac73100412d8c7721d93
  dHash: 00b2b2b2b030cccc
Image Base: 0x00400000
Entry Point: 0x0046a100
Compilation Time: 1970-01-01 00:00:00
Checksum: 0x0039fea9 (Actual: 0x0039fea9)
OS Version: 6.1
PEiD Signatures: PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature: The expected hash does not match the digest in SpcInfo
Imports: 1 library (kernel32)
Exports: 0 functions
Resources: 20 resources
Sections: 9 sections

PE Sections

Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5
.text | 0x00001000 | 1,024,977 bytes | 1,025,024 bytes | 6.21 (Normal) | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | C955ADB1DF56AD74FED94C168F8FD20A
.rdata | 0x000fc000 | 2,236,488 bytes | 2,236,928 bytes | 5.00 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | F888799F2EC2E4F21D68B241D86E85BB
.data | 0x0031f000 | 331,584 bytes | 33,792 bytes | 2.73 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | FE91DF48577050AF76C38557A41FD23F
.pdata | 0x00370000 | 22,512 bytes | 22,528 bytes | 5.26 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5867E3DF0F77AFFE9D6030A61236D5B8
.xdata | 0x00376000 | 180 bytes | 512 bytes | 1.79 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 8906E7DA680DE0B0E6A367982FEFBFF2
.idata | 0x00377000 | 1,342 bytes | 1,536 bytes | 3.95 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0DF5DCF52008E931FF041E8E9AB75E27
.reloc | 0x00378000 | 19,948 bytes | 19,968 bytes | 5.43 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | DA9199DEB198ABDACB82AB15458D3AF2
.symtab | 0x0037d000 | 124,168 bytes | 124,416 bytes | 5.08 (Normal) | IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | E5B453658F521A97B7FDCFED943D5A19
.rsrc | 0x0039c000 | 316,318 bytes | 316,416 bytes | 6.10 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | BD83C9F9E5ECCF311BE55E405D4FFEE7

Resource Analysis

Total Resources: 20 (315,233 bytes)
Resource Type | Count | Total Size | Percentage
RT_ICON | 8 | 312,273 bytes | 99.1%
RT_DIALOG | 10 | 2,836 bytes | 0.9%
RT_GROUP_ICON | 2 | 124 bytes | 0%

Certificate Chain Analysis

Certificate Information

Signing Date: 08:09 AM 09/15/2025 (116 days ago)
Verification Status: The digital signature of the object did not verify.
Signers: Shenzhen Tuozhu Technology Co., Ltd.; GlobalSign GCC R45 EV CodeSigning CA 2020; GlobalSign Code Signing Root R45; GlobalSign; GlobalSign Root CA - R1
Counter Signers: Globalsign TSA for Advanced - G4; GlobalSign Timestamping CA - SHA384 - G4; GlobalSign Root CA - R6

Certificate Chain Summary

#1 (Primary): GlobalSign
  Validity Period: 2018-09-19 00:00:00 → 2028-01-28 12:00:00
  Signature Algorithm: sha256RSA
  Serial Number: 01 EE 5F 16 9D FF 97 35 2B 64 65 D6 6A
#2 (Chain): GlobalSign Code Signing Root R45
  Validity Period: 2020-07-28 00:00:00 → 2029-03-18 00:00:00
  Signature Algorithm: sha384RSA
  Serial Number: 78 03 18 42 45 70 8A 41 CF 6F 01 B8 EE B4 A9 54
#3 (Chain): GlobalSign GCC R45 EV CodeSigning CA 2020
  Validity Period: 2020-07-28 00:00:00 → 2030-07-28 00:00:00
  Signature Algorithm: sha256RSA
  Serial Number: 77 BD 0E 05 B7 59 0B B6 1D 47 61 53 1E 3F 75 ED
#4 (Chain): Shenzhen Tuozhu Technology Co., Ltd.
  Validity Period: 2022-12-26 08:11:38 → 2026-02-10 10:12:24
  Signature Algorithm: sha256RSA
  Serial Number: 0B 20 92 95 A5 4B 18 84 66 AD 74 78
#5 (Chain): Globalsign TSA for Advanced - G4
  Validity Period: 2025-04-11 14:47:01 → 2034-12-10 00:00:00
  Signature Algorithm: sha384RSA
  Serial Number: 01 03 32 E1 65 BF 9B 78 43 E0 99 75 94 63 77 0B
#6 (Chain): GlobalSign Timestamping CA - SHA384 - G4
  Validity Period: 2018-06-20 00:00:00 → 2034-12-10 00:00:00
  Signature Algorithm: sha384RSA
  Serial Number: 01 EC 1C 92 40 DE FD 2E 40 5D 7C 47 74
#7 (Chain): GlobalSign
  Validity Period: 2014-12-10 00:00:00 → 2034-12-10 00:00:00
  Signature Algorithm: sha384RSA
  Serial Number: 45 E6 BB 03 83 33 C3 85 65 48 E6 FF 45 51

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: this is the result of the Gridinsoft online virus scanner.

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
11 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
