Windows Analysis Report
rdp.exe

ID:	1438254
Product:	CloudBasic
Start time:	14:25:40
Start date:	08.05.2024
Sample:	rdp.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	c56cd6a873e360c58dc80796e1ff6cde
SHA1:	49be32431f0e18d8266f0cc2e561a23aca092a0c
SHA256:	ba4f0f99a57739a9bc7612c95496305fda3afbfea012c9478a66299f69c650df
Filetype:	Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Name	Type	MD5	SHA1	SHA256

AV Detection

Source: rdp.exe

Virustotal: Detection: 8%

Perma Link

Compliance

Source: rdp.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

System Summary

Source: rdp.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal52.evad.winEXE@0/0@0/0

Source: rdp.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: rdp.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: rdp.exe

Virustotal: Detection: 8%

Source: rdp.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Data Obfuscation

Source: rdp.exe, --.cs

.Net Code: _0002 System.Reflection.Assembly.Load(byte[])