Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 25, 2024, 10:38 a.m.	Oct. 25, 2024, 10:44 a.m.

Size	1021.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8f82226b2f24d470c02f6664f67f23f7`
SHA256	`5603338a1f8dbb46efb8e0869db3491d5db92f362711d6680f91ecc5d18bfadf`
CRC32	`4F390AEA`
ssdeep	`12288:AR55BK3IsHoeGoE0SYmsjRwH/fD/sK3wzBOSdzIaVI99l/rk9gvQJg7:81KY2oeGTKRqPCBOSd0aVIHloI`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Oct. 25, 2024, 10:19 a.m.	computer_name: TEST22-PC	1	1	0

section	.itext
section	.didata

packer

BobSoft Mini Delphi -> BoB / BobSoft

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Oct. 25, 2024, 10:19 a.m.	process_identifier: 1280 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00370000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Oct. 25, 2024, 10:19 a.m.	process_identifier: 1280 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceW Oct. 25, 2024, 10:19 a.m.	number_of_free_clusters: 2424781 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1	0

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExW Oct. 25, 2024, 10:19 a.m.	thread_identifier: 0 callback_function: 0x74285a98 hook_identifier: 13 (WH_KEYBOARD_LL) module_address: 0x00400000	1	66033	0

Lionic	Riskware.Win32.RDPWrap.1!c
Cynet	Malicious (score: 99)
CAT-QuickHeal	RemoteAdmin.RDPWrap
Cylance	Unsafe
K7GW	RemoteTool ( 0053f8421 )
K7AntiVirus	RemoteTool ( 0053f8421 )
APEX	Malicious
ClamAV	Win.Trojan.Agent-6301884-0
Kaspersky	not-a-virus:RemoteAdmin.Win32.RDPWrap.c
Alibaba	RiskWare:Win32/RDPWrap.ad61ecbe
NANO-Antivirus	Riskware.Win32.Rdpwrap.eyvlpq
Rising	Malware.Undefined!8.C (C64:YzY0Oh78uuVlSDN4)
F-Secure	PrivacyRisk.SPR/RemoteAdmin.560333
DrWeb	Program.Rdpwrap.1
TrendMicro	HackTool.Win32.Radmin.GJ
Trapmine	suspicious.low.ml.score
CTX	exe.remote-access-trojan.rdpwrap
Sophos	RDPWrap (PUA)
Jiangmin	RemoteAdmin.RDPWrap.c
Google	Detected
Avira	SPR/RemoteAdmin.560333
Antiy-AVL	RiskWare[RemoteAdmin]/Win32.RDPWrap
Gridinsoft	Risk.Win32.RemoteAdmin.cc
ZoneAlarm	not-a-virus:RemoteAdmin.Win32.RDPWrap.c
DeepInstinct	MALICIOUS
Malwarebytes	Generic.Malware/Suspicious
Zoner	Trojan.Win32.65664
TrendMicro-HouseCall	HackTool.Win32.Radmin.GJ
Tencent	Malware.Win32.Gencirc.10bdee1b
Yandex	Riskware.RemoteAdmin!39OEp2Y0vOM
MaxSecure	Trojan.Malware.10816499.susgen
alibabacloud	Hacktool:Win/RDPWrap.E

RDPCheck.exe