RDP-Unlocker[.]exe | Triage

Resubmissions

02/10/2024, 20:31

241002-za1jxavfjj 3

02/10/2024, 20:29

241002-y9x3dsydld 3

Sharing

Copy URL Twitter E-mail

General

Target

RDP-Unlocker.exe
Size

18KB
MD5

eb3618b3dcb311b0488d82af0788b474
SHA1

4359f691ea9e2ba39a9bb7d394a8affecd9f44b2
SHA256

3048bdf7f87d046e9988e45404beddc38bbd8248b70149a87c002a48238ccdad
SHA512

a3fd1835550c2384789dd24d71ff7e784df41d45875dfb59c42e4c4cac766039fd1c6eddb321ff7e8db75cce12fefd2611189c67708da67818bbdf518a7eed3f
SSDEEP

384:gZB1YkLU4VgZovSHq7qOXSCI9KOXTScsoptYcFw7B03K:gDqoBVgZovf7RX4xXTSH8tYcFw7B6K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RDP-Unlocker.exe

Files

RDP-Unlocker.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\user\Desktop\WindowsFormsApp1488\obj\Release\helloworld.pdb

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ