Static task
static1
Behavioral task
behavioral1
Sample
ListRDPConnections.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
ListRDPConnections.exe
Resource
win10v2004-20231023-en
General
-
Target
ListRDPConnections.exe
-
Size
12KB
-
MD5
e8a59e21ab61a7d615a7f8a407d72712
-
SHA1
c5d0ab1771f84ef1e557103545267384e7cd32cc
-
SHA256
97e6a954a2bb21afcc7eeab6ec6d95c6c174ebb7b5fd1da881ab51f74dc944c7
-
SHA512
b6870d2c7d3c37dbc5f008edf8e968607894f5a80fe38e9134c0b09bb524340eb49e089e7ed3b2307c805c7109281399687fd9a98beb1f4fdfb1096937008643
-
SSDEEP
384:wb6mBUvZH0LPcMWOYQid04k67ZdYn6RN5e:wnUvyTl3GUm1E
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ListRDPConnections.exe
Files
-
ListRDPConnections.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ