Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 24, 2024, 1:04 p.m.	Oct. 24, 2024, 1:04 p.m.

Size	1.4MB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`3288c284561055044c489567fd630ac2`
SHA256	`ac92d4c6397eb4451095949ac485ef4ec38501d7bb6f475419529ae67e297753`
CRC32	`D5C50564`
ssdeep	`24576:prKxoVT2iXc+IZ++6WiaTAsN/3ebTvK+63CWH8iA/iD2hgPjcC8SVdKumYr7:EHZ5pdqYH8ia6GcKuR7`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return
WriteConsoleA Oct. 24, 2024, 1:04 p.m.	buffer: RDP Wrapper Library v1.6.2 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 24, 2024, 1:04 p.m.	buffer: Installer v2.5 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 24, 2024, 1:04 p.m.	buffer: Copyright (C) Stas'M Corp. 2017 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 24, 2024, 1:04 p.m.	buffer: USAGE: console_handle: 0x00000007	1	1
WriteConsoleA Oct. 24, 2024, 1:04 p.m.	buffer: RDPWInst.exe [-l\|-i[-s][-o]\|-w\|-u[-k]\|-r] console_handle: 0x00000007	1	1
WriteConsoleA Oct. 24, 2024, 1:04 p.m.	buffer: -l display the license agreement console_handle: 0x00000007	1	1
WriteConsoleA Oct. 24, 2024, 1:04 p.m.	buffer: -i install wrapper to Program Files folder (default) console_handle: 0x00000007	1	1
WriteConsoleA Oct. 24, 2024, 1:04 p.m.	buffer: -i -s install wrapper to System32 folder console_handle: 0x00000007	1	1
WriteConsoleA Oct. 24, 2024, 1:04 p.m.	buffer: -i -o online install mode (loads latest INI file) console_handle: 0x00000007	1	1
WriteConsoleA Oct. 24, 2024, 1:04 p.m.	buffer: -w get latest update for INI file console_handle: 0x00000007	1	1
WriteConsoleA Oct. 24, 2024, 1:04 p.m.	buffer: -u uninstall wrapper console_handle: 0x00000007	1	1
WriteConsoleA Oct. 24, 2024, 1:04 p.m.	buffer: -u -k uninstall wrapper and keep settings console_handle: 0x00000007	1	1
WriteConsoleA Oct. 24, 2024, 1:04 p.m.	buffer: -r force restart Terminal Services console_handle: 0x00000007	1	1

section

.itext

Bkav	W32.AIDetectMalware
Lionic	Riskware.Win32.RDPWrap.1!c
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Infected.th
ALYac	Misc.Riskware.RemoteAdmin
Cylance	Unsafe
VIPRE	Application.RemoteAdmin.RHU
CrowdStrike	win/grayware_confidence_100% (W)
BitDefender	Application.RemoteAdmin.RHU
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	RemoteTool ( 0053f8421 )
Arcabit	Application.RemoteAdmin.RHU
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/RDPWrap.A potentially unsafe
ClamAV	Win.Malware.Msilperseus-9807948-0
Kaspersky	not-a-virus:RemoteAdmin.Win32.RDPWrap.h
NANO-Antivirus	Riskware.Win32.Rdpwrap.fgzswy
Rising	Hacktool.RDPWrap!8.F5FA (CLOUD)
DrWeb	Program.Rdpwrap.4
Zillya	Tool.RemoteAdmin.Win32.5
TrendMicro	HackTool.Win32.Radmin.GD
McAfeeD	ti!AC92D4C6397E
CTX	exe.remote-access-trojan.rdpwrap
Sophos	RDPWrap (PUA)
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.3288c28456105504
Webroot	W32.Riskware.Rdp
Google	Detected
Antiy-AVL	RiskWare[RemoteAdmin]/Win32.RDPWrap
Gridinsoft	Trojan.Win32.Agent.dg
Microsoft	PUA:Win32/RDPWrap
ViRobot	NetTool.RDPwrap.1460224
ZoneAlarm	not-a-virus:RemoteAdmin.Win32.RDPWrap.h
GData	Application.RemoteAdmin.RHU
Varist	W32/ABRisk.ZQXQ-4521
AhnLab-V3	Unwanted/Win32.Rdpwrap.R220687
McAfee	RemAdm-RemoteAdmin.p
DeepInstinct	MALICIOUS
Panda	PUP/RemoteAdmin
TrendMicro-HouseCall	HackTool.Win32.Radmin.GD
Tencent	Malware.Win32.Gencirc.10bdec34
Yandex	Trojan.Igent.bUFxrI.20
MaxSecure	Trojan.Malware.11912905.susgen
Fortinet	Riskware/RDPWrap
alibabacloud	Backdoor[rat]:Win/RDPWrap.A

EMBF8CF.exe