Summary | ZeroBOX

RDPWInst.exe

Tags: Gen1, UPX, Malicious Library, Malicious Packer, PE File, OS Processor Check, PE32
Category   FILE
Machine    s1_win7_x6401
Started    Aug. 11, 2021, 10:03 a.m.
Completed  Aug. 11, 2021, 10:05 a.m.
Size       1.4MB
Type       PE32 executable (console) Intel 80386, for MS Windows
MD5        3288c284561055044c489567fd630ac2
SHA256     ac92d4c6397eb4451095949ac485ef4ec38501d7bb6f475419529ae67e297753
CRC32      D5C50564
ssdeep     24576:prKxoVT2iXc+IZ++6WiaTAsN/3ebTvK+63CWH8iA/iD2hgPjcC8SVdKumYr7:EHZ5pdqYH8ia6GcKuR7
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

Hosts

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address     Status  Action
164.124.101.2  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API     Arguments                                                     Status  Return  Repeated

WriteConsoleA  buffer: RDP Wrapper Library v1.6.2                            1       1       0
               console_handle: 0x00000007

WriteConsoleA  buffer: Installer v2.5                                        1       1       0
               console_handle: 0x00000007

WriteConsoleA  buffer: Copyright (C) Stas'M Corp. 2017                       1       1       0
               console_handle: 0x00000007

WriteConsoleA  buffer: USAGE:                                                1       1       0
               console_handle: 0x00000007

WriteConsoleA  buffer: RDPWInst.exe [-l|-i[-s][-o]|-w|-u[-k]|-r]             1       1       0
               console_handle: 0x00000007

WriteConsoleA  buffer: -l display the license agreement                      1       1       0
               console_handle: 0x00000007

WriteConsoleA  buffer: -i install wrapper to Program Files folder (default)  1       1       0
               console_handle: 0x00000007

WriteConsoleA  buffer: -i -s install wrapper to System32 folder              1       1       0
               console_handle: 0x00000007

WriteConsoleA  buffer: -i -o online install mode (loads latest INI file)     1       1       0
               console_handle: 0x00000007

WriteConsoleA  buffer: -w get latest update for INI file                     1       1       0
               console_handle: 0x00000007

WriteConsoleA  buffer: -u uninstall wrapper                                  1       1       0
               console_handle: 0x00000007

WriteConsoleA  buffer: -u -k uninstall wrapper and keep settings             1       1       0
               console_handle: 0x00000007

WriteConsoleA  buffer: -r force restart Terminal Services                    1       1       0
               console_handle: 0x00000007
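The only API activity the sandbox recorded is the usage banner above, so the sample was executed without arguments and the install-time artefacts never appeared in this report. The following PowerShell host check is an added example, not part of the ZeroBOX report or of the RDP Wrapper project: it looks for the two install locations the banner names (Program Files by default, System32 with "-i -s"), for the TermService ServiceDll redirection that RDP Wrapper relies on, and for copies of the installer matching the SHA256 listed above. The search roots used for the hash sweep are an assumption made for the example.

```powershell
# Added example (not from the ZeroBOX report or the RDP Wrapper project):
# hunt for RDP Wrapper artefacts on a Windows host. Run as Administrator.
$ErrorActionPreference = 'SilentlyContinue'

# SHA256 of the analysed RDPWInst.exe, taken from the report above.
$KnownInstallerSha256 = 'ac92d4c6397eb4451095949ac485ef4ec38501d7bb6f475419529ae67e297753'

$findings = @()

# 1. TermService should load the stock termsrv.dll. RDP Wrapper works by
#    repointing the service's ServiceDll value at rdpwrap.dll.
$paramsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\TermService\Parameters'
$serviceDll = (Get-ItemProperty -Path $paramsKey -Name ServiceDll).ServiceDll
$expected   = Join-Path $env:SystemRoot 'System32\termsrv.dll'
if ($serviceDll -and ([Environment]::ExpandEnvironmentVariables($serviceDll) -ine $expected)) {
    $findings += "TermService ServiceDll is '$serviceDll', expected '$expected'"
}

# 2. Look for the wrapper DLL and its INI in the two locations the installer
#    offers ("-i" -> Program Files, "-i -s" -> System32). "-u -k" leaves the
#    INI behind, so a lone rdpwrap.ini is still worth reporting.
$candidates = @(
    (Join-Path $env:ProgramFiles 'RDP Wrapper\rdpwrap.dll'),
    (Join-Path $env:ProgramFiles 'RDP Wrapper\rdpwrap.ini'),
    (Join-Path $env:SystemRoot   'System32\rdpwrap.dll'),
    (Join-Path $env:SystemRoot   'System32\rdpwrap.ini')
)
foreach ($p in $candidates) {
    if (Test-Path -LiteralPath $p) { $findings += "RDP Wrapper file present: $p" }
}

# 3. Hash any RDPWInst*.exe under a few common drop locations and compare it
#    with the sample. The roots are an assumption for this example; widen them
#    (or feed paths from an EDR search) for a real hunt.
$roots = @($env:USERPROFILE, $env:TEMP, $env:ProgramData)
Get-ChildItem -Path $roots -Filter 'RDPWInst*.exe' -Recurse -File |
    ForEach-Object {
        $sha = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        if ($sha -ieq $KnownInstallerSha256) {
            $findings += "Known RDP Wrapper installer (SHA256 match): $($_.FullName)"
        } else {
            $findings += "Unrecognised RDPWInst binary (SHA256 $sha): $($_.FullName)"
        }
    }

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output '[+] No RDP Wrapper artefacts found'
}
```

The ServiceDll check is the one that matters operationally: a file-name sweep misses a renamed rdpwrap.dll, but TermService pointing anywhere other than System32\termsrv.dll is anomalous on its own and should be triaged regardless of which tool put it there.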
PE section: .itext (the initialization-code section emitted by Delphi compilers)

Antivirus (45 detections)

Vendor                Verdict
Lionic                Riskware.Win32.RDPWrap.1!c
Elastic               malicious (high confidence)
MicroWorld-eScan      Application.RemoteAdmin.RHU
FireEye               Generic.mg.3288c28456105504
CAT-QuickHeal         Trojan.Rdpwrap
ALYac                 Misc.Riskware.RemoteAdmin
Cylance               Unsafe
Zillya                Tool.RemoteAdmin.Win32.5
Sangfor               PUP.Win32.RemoteAdmin.RHU
K7AntiVirus           RemoteTool ( 0053f8421 )
Alibaba               RiskWare:Win32/RDPWrap.e5b84be0
K7GW                  Riskware ( 0040eff71 )
Cybereason            malicious.456105
Cyren                 W64/RDPWrap.A
ESET-NOD32            a variant of Win32/RDPWrap.A potentially unsafe
APEX                  Malicious
Paloalto              generic.ml
ClamAV                Win.Malware.Msilperseus-9807948-0
Kaspersky             not-a-virus:RemoteAdmin.Win32.RDPWrap.h
BitDefender           Application.RemoteAdmin.RHU
NANO-Antivirus        Riskware.Win32.Rdpwrap.fgzswy
Rising                Trojan.Generic@ML.100 (RDML:udk7SerMqsOzHh+oM6uaYQ)
Ad-Aware              Application.RemoteAdmin.RHU
Emsisoft              Application.RemoteAdmin.RHU (B)
DrWeb                 Program.Rdpwrap.4
VIPRE                 Trojan.Win32.Generic!BT
TrendMicro            HackTool.Win32.Radmin.GD
McAfee-GW-Edition     BehavesLike.Win32.Infected.th
Jiangmin              RemoteAdmin.RDPWrap.r
Avira                 SPR/Remoteadmin.AO
MAX                   malware (ai score=99)
Antiy-AVL             Trojan/Generic.ASMalwS.300D04C
Gridinsoft            Trojan.Win32.Agent.dg
ViRobot               NetTool.RDPwrap.1460224
GData                 Application.RemoteAdmin.RHU
Cynet                 Malicious (score: 100)
AhnLab-V3             Unwanted/Win32.Rdpwrap.R220687
McAfee                Artemis!3288C2845610
Malwarebytes          RiskWare.RemoteAdmin
Panda                 PUP/RemoteAdmin
TrendMicro-HouseCall  HackTool.Win32.Radmin.GD
Yandex                Trojan.Igent.bUFxrI.20
MaxSecure             Trojan.Malware.121218.susgen
Webroot               W32.Riskware.Rdp
CrowdStrike           win/malicious_confidence_100% (D)