Because it's a hacktool with strings commonly used by malware for memory hooking. Whoever created it probably just copy/pasted a bunch of public code. Either that, or it's packed with UPX or some other public packer commonly used by malware. If you truly suspect it to be malicious, then upload it to either Malwr or VxStream (when available, both are down for maintenance at the time of writing unfortunately). They'll give you an in-depth analysis of the binary; from network activity to dropped files and their locations to modified registry keys and so on.