Field | Value |
---|---|
Created | 2021.08.11 10:05 |
Machine | s1_win7_x6401 |
Filename | RDPWInst.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 45 detected (RDPWrap, malicious, high confidence, RemoteAdmin, Misc, Unsafe, Tool, RemoteTool, A potentially unsafe, Msilperseus, fgzswy, Generic@ML, RDML, udk7SerMqsOzHh+oM6uaYQ, HackTool, Radmin, Infected, ai score=99, ASMalwS, NetTool, score, R220687, Artemis, Igent, bUFxrI, susgen, confidence, 100%) |
md5 | 3288c284561055044c489567fd630ac2 |
sha256 | ac92d4c6397eb4451095949ac485ef4ec38501d7bb6f475419529ae67e297753 |
ssdeep | 24576:prKxoVT2iXc+IZ++6WiaTAsN/3ebTvK+63CWH8iA/iD2hgPjcC8SVdKumYr7:EHZ5pdqYH8ia6GcKuR7 |
imphash | a89655faa2b6840e801be1e1c779fc67 |
impfuzzy | 96:ocW57Nz5cycfpjmgGpjcLS1P9Xg0KhxwDwPOQ/BYXB:ocqNFj1d+hrPOQaB |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
info | Command line console output was observed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
oleaut32.dll
0x44c3e8 SysFreeString
0x44c3ec SysReAllocStringLen
0x44c3f0 SysAllocStringLen
advapi32.dll
0x44c3f8 RegQueryValueExW
0x44c3fc RegOpenKeyExW
0x44c400 RegCloseKey
user32.dll
0x44c408 LoadStringW
0x44c40c MessageBoxA
0x44c410 CharNextW
kernel32.dll
0x44c418 lstrcmpiA
0x44c41c LoadLibraryA
0x44c420 LocalFree
0x44c424 LocalAlloc
0x44c428 GetACP
0x44c42c Sleep
0x44c430 VirtualFree
0x44c434 VirtualAlloc
0x44c438 GetSystemInfo
0x44c43c GetTickCount
0x44c440 QueryPerformanceCounter
0x44c444 GetVersion
0x44c448 GetCurrentThreadId
0x44c44c VirtualQuery
0x44c450 WideCharToMultiByte
0x44c454 MultiByteToWideChar
0x44c458 lstrlenW
0x44c45c lstrcpynW
0x44c460 LoadLibraryExW
0x44c464 IsValidLocale
0x44c468 GetSystemDefaultUILanguage
0x44c46c GetStartupInfoA
0x44c470 GetProcAddress
0x44c474 GetModuleHandleW
0x44c478 GetModuleFileNameW
0x44c47c GetUserDefaultUILanguage
0x44c480 GetLocaleInfoW
0x44c484 GetLastError
0x44c488 GetCommandLineW
0x44c48c FreeLibrary
0x44c490 FindFirstFileW
0x44c494 FindClose
0x44c498 ExitProcess
0x44c49c CompareStringW
0x44c4a0 WriteFile
0x44c4a4 UnhandledExceptionFilter
0x44c4a8 SetFilePointer
0x44c4ac SetEndOfFile
0x44c4b0 RtlUnwind
0x44c4b4 ReadFile
0x44c4b8 RaiseException
0x44c4bc GetStdHandle
0x44c4c0 GetFileSize
0x44c4c4 GetFileType
0x44c4c8 DeleteCriticalSection
0x44c4cc LeaveCriticalSection
0x44c4d0 EnterCriticalSection
0x44c4d4 InitializeCriticalSection
0x44c4d8 CreateFileW
0x44c4dc CloseHandle
kernel32.dll
0x44c4e4 TlsSetValue
0x44c4e8 TlsGetValue
0x44c4ec LocalAlloc
0x44c4f0 GetModuleHandleW
user32.dll
0x44c4f8 MessageBoxW
0x44c4fc LoadStringW
0x44c500 GetSystemMetrics
0x44c504 CharUpperBuffW
0x44c508 CharNextW
kernel32.dll
0x44c510 WriteFile
0x44c514 WideCharToMultiByte
0x44c518 WaitForSingleObject
0x44c51c VirtualQueryEx
0x44c520 VirtualQuery
0x44c524 VirtualFree
0x44c528 TerminateProcess
0x44c52c Sleep
0x44c530 SizeofResource
0x44c534 SignalObjectAndWait
0x44c538 SetFilePointer
0x44c53c SetEvent
0x44c540 SetEndOfFile
0x44c544 ResetEvent
0x44c548 RemoveDirectoryW
0x44c54c ReadFile
0x44c550 OpenProcess
0x44c554 MultiByteToWideChar
0x44c558 LockResource
0x44c55c LoadResource
0x44c560 LoadLibraryExW
0x44c564 LeaveCriticalSection
0x44c568 InitializeCriticalSection
0x44c56c GetVersionExW
0x44c570 GetThreadLocale
0x44c574 GetNativeSystemInfo
0x44c578 GetStdHandle
0x44c57c GetProcAddress
0x44c580 GetModuleHandleW
0x44c584 GetModuleFileNameW
0x44c588 GetLocaleInfoW
0x44c58c GetLocalTime
0x44c590 GetLastError
0x44c594 GetFullPathNameW
0x44c598 GetFileAttributesW
0x44c59c GetDiskFreeSpaceW
0x44c5a0 GetDateFormatW
0x44c5a4 GetCurrentThreadId
0x44c5a8 GetCurrentProcess
0x44c5ac GetCPInfo
0x44c5b0 FreeResource
0x44c5b4 InterlockedExchange
0x44c5b8 InterlockedCompareExchange
0x44c5bc FreeLibrary
0x44c5c0 FormatMessageW
0x44c5c4 FindResourceW
0x44c5c8 FindFirstFileW
0x44c5cc FindClose
0x44c5d0 ExpandEnvironmentStringsW
0x44c5d4 EnumCalendarInfoW
0x44c5d8 EnterCriticalSection
0x44c5dc DeleteFileW
0x44c5e0 DeleteCriticalSection
0x44c5e4 CreateProcessW
0x44c5e8 CreateFileW
0x44c5ec CreateEventW
0x44c5f0 CreateDirectoryW
0x44c5f4 CompareStringW
0x44c5f8 CloseHandle
advapi32.dll
0x44c600 RegUnLoadKeyW
0x44c604 RegSetValueExW
0x44c608 RegSaveKeyW
0x44c60c RegRestoreKeyW
0x44c610 RegReplaceKeyW
0x44c614 RegQueryValueExW
0x44c618 RegQueryInfoKeyW
0x44c61c RegOpenKeyExW
0x44c620 RegLoadKeyW
0x44c624 RegFlushKey
0x44c628 RegEnumValueW
0x44c62c RegEnumKeyExW
0x44c630 RegDeleteValueW
0x44c634 RegDeleteKeyW
0x44c638 RegCreateKeyExW
0x44c63c RegConnectRegistryW
0x44c640 RegCloseKey
0x44c644 OpenProcessToken
0x44c648 LookupPrivilegeValueW
0x44c64c AdjustTokenPrivileges
kernel32.dll
0x44c654 Sleep
oleaut32.dll
0x44c65c SafeArrayPtrOfIndex
0x44c660 SafeArrayGetUBound
0x44c664 SafeArrayGetLBound
0x44c668 SafeArrayCreate
0x44c66c VariantChangeType
0x44c670 VariantCopy
0x44c674 VariantClear
0x44c678 VariantInit
advapi32.dll
0x44c680 StartServiceW
0x44c684 QueryServiceConfigW
0x44c688 OpenServiceW
0x44c68c OpenSCManagerW
0x44c690 CloseServiceHandle
0x44c694 ChangeServiceConfigW
wininet.dll
0x44c69c InternetReadFile
0x44c6a0 InternetOpenUrlW
0x44c6a4 InternetOpenW
0x44c6a8 InternetCloseHandle
advapi32.dll
0x44c6b0 EnumServicesStatusExW
EAT (Export Address Table): none