btool.exe

  • File Path: C:\Program Files\SplunkUniversalForwarder\bin\btool.exe
  • Description: btool

Runtime Data

Usage (stdout):

Unrecognized argument: --help

Usage (stderr):

SPLUNK_HOME must be set.  Stopping.

Child Processes:

explorer.exe

Loaded Modules:

Path
C:\Program Files\SplunkUniversalForwarder\bin\btool.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 014E132916D610BB301B22ABBD994616
  • Thumbprint: B8B4F0D3FD0571E184DEBB76A1F6DB73F30FA233
  • Issuer: CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN="Splunk, Inc.", O="Splunk, Inc.", L=San Francisco, S=California, C=US, SERIALNUMBER=4109614, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

File Metadata

  • Original Filename: btool.exe
  • Product Name: splunk Application
  • Company Name: Splunk Inc.
  • File Version: 8.2.3
  • Product Version: 8.2.3 (Build cd0848707637)
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2005-2021
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/8e44da6c02f52264503a58861fff5a7611e63b9e0a0d2b83a4321e7b4dec8d45/detection

MIT License. Copyright (c) 2020-2021 Strontic.