Summary | ZeroBOX

66f55533ca7d6_RDPWInst.exe

Tags: Gen1, Generic Malware, Malicious Library, UPX, Malicious Packer, MZP Format, PE File, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: Oct. 2, 2024, 2:31 p.m.
Completed: Oct. 2, 2024, 2:37 p.m.
Size: 1.7MB
Type: PE32 executable (console) Intel 80386, for MS Windows
MD5: c213162c86bb943bcdf91b3df381d2f6
SHA256: ac91b2a2db1909a2c166e243391846ad8d9ede2c6fcfd33b60acf599e48f9afc
CRC32: 6D4386BE
ssdeep: 24576:+rKxoVT2iXc+IZP+6WiaTAsN/3ebTvK+63CWH8iA/iD2hgPjcC8SVdKumYr7:vHZGpdqYH8ia6GcKuR7
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Addresses (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

WriteConsoleA
  buffer: "RDP Wrapper Library v1.6.2"
  console_handle: 0x00000007
  status: 1  return: 1  repeated: 0

WriteConsoleA
  buffer: "Installer v2.5"
  console_handle: 0x00000007
  status: 1  return: 1  repeated: 0

WriteConsoleA
  buffer: "Copyright (C) Stas'M Corp. 2017"
  console_handle: 0x00000007
  status: 1  return: 1  repeated: 0

WriteConsoleA
  buffer: "USAGE:"
  console_handle: 0x00000007
  status: 1  return: 1  repeated: 0

WriteConsoleA
  buffer: "RDPWInst.exe [-l|-i[-s][-o]|-w|-u[-k]|-r]"
  console_handle: 0x00000007
  status: 1  return: 1  repeated: 0

WriteConsoleA
  buffer: "-l display the license agreement"
  console_handle: 0x00000007
  status: 1  return: 1  repeated: 0

WriteConsoleA
  buffer: "-i install wrapper to Program Files folder (default)"
  console_handle: 0x00000007
  status: 1  return: 1  repeated: 0

WriteConsoleA
  buffer: "-i -s install wrapper to System32 folder"
  console_handle: 0x00000007
  status: 1  return: 1  repeated: 0

WriteConsoleA
  buffer: "-i -o online install mode (loads latest INI file)"
  console_handle: 0x00000007
  status: 1  return: 1  repeated: 0

WriteConsoleA
  buffer: "-w get latest update for INI file"
  console_handle: 0x00000007
  status: 1  return: 1  repeated: 0

WriteConsoleA
  buffer: "-u uninstall wrapper"
  console_handle: 0x00000007
  status: 1  return: 1  repeated: 0

WriteConsoleA
  buffer: "-u -k uninstall wrapper and keep settings"
  console_handle: 0x00000007
  status: 1  return: 1  repeated: 0

WriteConsoleA
  buffer: "-r force restart Terminal Services"
  console_handle: 0x00000007
  status: 1  return: 1  repeated: 0

PE section: .itext

Antivirus (Vendor / Detection)
Bkav W32.AIDetectMalware
Lionic Riskware.Win32.RDPWrap.1!c
MicroWorld-eScan Application.Generic.3818104
Skyhigh BehavesLike.Win32.Infected.th
ALYac Application.Generic.3818104
Cylance Unsafe
VIPRE Application.Generic.3818104
Sangfor PUP.Win32.Rdpwrap.V695
CrowdStrike win/grayware_confidence_90% (D)
BitDefender Application.Generic.3818104
K7GW Riskware ( 0040eff71 )
K7AntiVirus RemoteTool ( 0053f8421 )
Arcabit Application.Generic.D3A4278
VirIT Trojan.Win32.DelphGen.HHQ
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/RDPWrap.A potentially unsafe
APEX Malicious
Avast Win32:Malware-gen
Cynet Malicious (score: 99)
Kaspersky not-a-virus:RemoteAdmin.Win32.RDPWrap.h
NANO-Antivirus Riskware.Win32.Rdpwrap.fgzswy
Rising Hacktool.RDPWrap!8.F5FA (CLOUD)
Emsisoft Application.Generic.3818104 (B)
F-Secure Trojan.TR/AVI.Agent.cevhj
DrWeb Program.Rdpwrap.4
Zillya Tool.RemoteAdmin.Win32.5
McAfeeD ti!AC91B2A2DB19
CTX exe.remote-access-trojan.rdpwrap
Sophos RDPWrap (PUA)
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.c213162c86bb943b
Webroot W32.Riskware.Rdp
Google Detected
Avira TR/AVI.Agent.cevhj
Antiy-AVL RiskWare[RemoteAdmin]/Win32.RDPWrap
Kingsoft malware.kb.a.987
Gridinsoft Risk.Win32.RemoteAdmin.vl!n
Xcitium ApplicUnwnt@#2ldfbtkyxtfj
Microsoft PUA:Win32/RDPWrap
ZoneAlarm not-a-virus:RemoteAdmin.Win32.RDPWrap.h
GData Application.Generic.3818104
Varist W32/ABRisk.ZQXQ-4521
AhnLab-V3 Unwanted/Win32.Rdpwrap.R220687
McAfee GenericRXVL-VQ!C213162C86BB
DeepInstinct MALICIOUS
Malwarebytes Bladabindi.Backdoor.Bot.DDS
Ikarus PUA.RDPWrap
TrendMicro-HouseCall TROJ_GEN.R002H06IQ24
Tencent Malware.Win32.Gencirc.10bdec34