Summary | ZeroBOX

d473b802-eb5f-11e7-8ccc-5944bc969a40

Category FILE
Machine s1_win7_x6401
Started Jan. 18, 2022, 10:41 a.m.
Completed Jan. 18, 2022, 10:47 a.m.
Size 1.5MB
Type Zip archive data, at least v2.0 to extract
MD5 c26a2c5f6154225e8d83c4000306f162
SHA256 35a9481ddbed5177431a9ea4bd09468fe987797d7b1231d64942d17eb54ec269
CRC32 3D64EC2B
ssdeep 49152:cPEbpqUPr0OMPjmNgyV24OXxr2/NV0CA7QUmu4LnB:cPEbpPPrC4gWFOBr4Wfg
Yara None matched

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Elastic malicious (high confidence)
FireEye Application.RemoteAdmin.RHU
CAT-QuickHeal RemoteAdmin.RDPWrap
McAfee RemAdm-RemoteAdmin.p
Cylance Unsafe
Sangfor PUP.Win32.Agent.LQT6LV
K7GW RemoteTool ( 0053f8421 )
K7AntiVirus RemoteTool ( 0053f8421 )
Cyren W32/Trojan.JKQF-0001
Symantec SecurityRisk.gen1
ESET-NOD32 a variant of Win32/RDPWrap.A potentially unsafe
ClamAV Win.Trojan.Agent-6301884-0
Kaspersky not-a-virus:RemoteAdmin.Win32.RDPWrap.b
BitDefender Application.RemoteAdmin.RHU
NANO-Antivirus Riskware.Win32.Rdpwrap.eyvlpq
Emsisoft Application.RemoteAdmin.RHU (B)
DrWeb Program.Rdpwrap.1
TrendMicro HKTL_RADMIN.component
McAfee-GW-Edition RemAdm-RemoteAdmin.p
Sophos RDPWrap (PUA)
Jiangmin RemoteAdmin.RDPWrap.r
Avira SPR/Remoteadmin.560333
Antiy-AVL Trojan/Generic.ASMalwS.23C3642
Microsoft PUA:Win32/RDPWrap
Gridinsoft Risk.U.RemoteAdmin.oa
ViRobot Adware.Agent.1096192
GData Win32.Application.Agent.LQT6LV
Cynet Malicious (score: 99)
AhnLab-V3 Unwanted/Win32.Rdpwrap.C2632304
MAX malware (ai score=94)
Malwarebytes RiskWare.RemoteAdmin
Rising Malware.Undefined!8.C (CLOUD)
Yandex Riskware.RemoteAdmin!39OEp2Y0vOM
MaxSecure Trojan.Malware.300983.susgen
Panda PUP/RemoteAdmin