Gridinsoft Logo
File Icon

BLTools 2.9.1 Pro.exe Trojan Heuristic Analysis

Updated 1 year ago
Checked by Malaware Check
BLTools 2.9.1 Pro.exe

Technical Analysis

File Name BLTools 2.9.1 Pro.exe
File Type
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Scanner Version 1.0.178.174
Database Version 2024-06-04 17:00:41 UTC

Trojan.Heur!.01210033

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
N/A
Detection Rate
6,247,856
File Size (bytes)
2024-06-04
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
7bb7dbe4b526a97fafdbfb00d15c55c4
SHA1
a0de525a5a8039866a34dd14f4c07b5a3fe14bfa
SHA256
e6dec1fd596b368123080b139b39a430e5aecb3113d285e1e1067184e8382a84
SHA512
1cff869fd5d9b7359d0d2557bb3b8c03f2589117eaab368d45b411c3918e81f711ce4c603e7ae7afd5175edaf1909758d53f5f3424c7e298f430a2f6ead938f0
ImpHash
4a69501d065aecd17da3f8f42bc46478

PE Analysis

Basic Information

Icon
Hash: 291e4ead8da79ea6b9efb801377d6410
Fuzzy: e1b6b5df7fafce35a40b00a09d297b3b
dHash: 014decc84d4d7133
Image Base 0x140000000
Entry Point 0x1400010f6
Compilation Time 2024-05-28 20:05:54
Checksum 0x005f586b (Actual: 0x005f586b)
OS Version 4.0
PEiD Signatures PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Digital Signature Chain verification from CN=BLTools by Boyring (serial:76907174741674677222108507061155706830, sha1:9bd6e1749fb83f5c7ed9fdd8624c111d66664486) failed: The X.509 certificate provided is self-signed - "Common Name: BLTools by Boyring"
Imports 7 libraries
kernel32, oleaut32, user32, advapi32, ole32, ntdll, shlwapi
Exports 0 functions
Resources 4 Resources
Sections 14 Sections

Version Information

Comments
CompanyName
FileDescription BLTools Cookies Checker
FileVersion 2.9.1.0
InternalName WPF_login.exe
LegalCopyright Copyright © 2024
LegalTrademarks
OriginalFilename WPF_login.exe
ProductName BLTools Cookies Checker
ProductVersion 2.9.1.0
Assembly Version 2.9.1.0
Translation 0x0000 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 30,584 bytes 30,720 bytes 5.59 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 587C1B2E748CEED564CF8431FB71857E
.data 0x00009000 736 bytes 1,024 bytes 0.69 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE DEDFDCE23EA64B33D18FB51D9099A231
.rdata 0x0000a000 4,496 bytes 4,608 bytes 5.37 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ C412A0A4E2A98A5D4DA41C41E19E6EAC
.eh_fram 0x0000c000 4 bytes 512 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE BF619EAC0CDF3F68D496EA9344137E8B
.pdata 0x0000d000 2,376 bytes 2,560 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A371492F16C0940507435909603EFE88
.xdata 0x0000e000 2,372 bytes 2,560 bytes 3.46 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 58F2834B9A8995B62E05A82BDDB9CFCC
.bss 0x0000f000 584 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.idata 0x00010000 2,344 bytes 2,560 bytes 3.87 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7BC8D95B0D8AF3E35855193F1A27CCDA
.CRT 0x00011000 104 bytes 512 bytes 0.35 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE AE581BE374D21241048459E370C92076
.tls 0x00012000 16 bytes 512 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE BF619EAC0CDF3F68D496EA9344137E8B
.reloc 0x00013000 132 bytes 512 bytes 1.61 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 650BB0271816E0940410EE394195A5A1
.rsrc 0x00014000 69,192 bytes 69,632 bytes 4.45 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2CCCCAE727E6D7CE57D3328F3E7A17B1
.enigma1 0x00025000 4,096 bytes 5,406,720 bytes 7.82 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4E605EE0AE9D3C243839C4070C82CFC6
.enigma2 0x00026000 716,800 bytes 716,800 bytes 5.43 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE F69597B1CFEB767C11D00473D5B00127
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 4 (68,888 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 67,624 bytes
98.2%
RT_GROUP_ICON 1 20 bytes
0%
RT_VERSION 1 852 bytes
1.2%
RT_MANIFEST 1 392 bytes
0.6%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

Chain verification from CN=BLTools by Boyring (serial:76907174741674677222108507061155706830, sha1:9bd6e1749fb83f5c7ed9fdd8624c111d66664486) failed: The X.509 certificate provided is self-signed - "Common Name: BLTools by Boyring"

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.01210033 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.01210033 without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware