rdpthread.exe

The executable rdpthread.exe has been detected as malware by 30 of 68 anti-virus scanners. While running, it connects to the Internet address mail.healthyhomeva.com on port 3389 (the default RDP port).
MD5:
08460b6f9d3ff0f8ff5d892e4e7854a5

SHA-1:
9d1ebd2b72830e6eed583447fc38c1e1f50cc049

SHA-256:
4c47a02335ba89b9ae3c15c2bbcefaef78e282ccef88257fa9fb4260d6da5637

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
5/21/2024 10:59:57 AM UTC

Scan engine                   | Detection                                    | Engine version
------------------------------|----------------------------------------------|-----------------
Lavasoft Ad-Aware             | Trojan.Generic.11190543                      | 982
Agnitum Outpost               | HackTool.RDPBrute                            | 7.1.1
AhnLab V3 Security            | HackTool/Win32.RDPBrute                      | 14.05.29
Avira AntiVirus               | SPR/Tool.RDPBrute.1                          | 7.11.150.246
avast!                        | Win32:Malware-gen                            | 2014.9-140529
AVG                           | HackTool                                     | 2015.0.3460
Baidu Antivirus               | HackTool.Win32.RDPBrute                      | 4.0.3.14529
Bitdefender                   | Trojan.Generic.11190543                      | 1.0.20.745
Bkav FE                       | W32.Clod245.Trojan                           | 1.3.0.4959
Clam AntiVirus                | Win.Trojan.Rdpbrute                          | 0.98/213
Dr.Web                        | Tool.RDPBrute.3                              | 9.0.1.0149
Emsisoft Anti-Malware         | Trojan.Generic.11190543                      | 8.14.05.29.07
Fortinet FortiGate            | Riskware/PUP_z                               | 5/29/2014
F-Secure                      | Trojan.Generic.11190543                      | 11.2014-29-05_5
G Data                        | Trojan.Generic.11190543                      | 14.5.24
IKARUS anti.virus             | HackTool.Win32.RDPBrute                      | t3scan.1.6.1.0
McAfee                        | Artemis!08460B6F9D3F                         | 5600.7116
Microsoft Security Essentials | HackTool:Win32/Rdpbrute                      | 1.10600
MicroWorld eScan              | Trojan.Generic.11190543                      | 15.0.0.447
NANO AntiVirus                | Trojan.Win32.RDPBrute.vqkik                  | 0.28.0.59921
Norman                        | Hacktool.LXZ                                 | 11.20140529
nProtect                      | Trojan/W32.Agent.281088.EO                   | 14.05.22.01
Panda Antivirus               | Trj/CI.A                                     | 14.05.29.07
Rising Antivirus              | PE:Trojan.Win32.Generic.12848D7F!310676863   | 23.00.65.14527
Sophos                        | RDPBrute                                     | 4.98
Trend Micro House Call        | HKTL_RDPBRUTE                                | 7.2.149
Trend Micro                   | HKTL_RDPBRUTE                                | 10.465.29
VIPRE Antivirus               | Trojan.Win32.Generic                         | 29484
ViRobot                       | HackTool.RDPBrute.281088                     | 2011.4.7.4223
Zillya! Antivirus             | Tool.RDPBrute.Win32.2                        | 2.0.0.1797

File size:
274.5 KB (281,088 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
9/29/2010 7:00:33 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
6144:Zrsv1iDO+rD7VfOVa2JsBYS5IgGY0nMS6tupm5PNSw9OgCtA7cCgO:Zrsv1iDO+rD7VfOVa8sBf5IgGY0nMvtx

Entry address:
0x322C8

Entry point:
E8, 61, 05, 00, 00, E9, 40, FD, FF, FF, FF, 25, B0, 68, 44, 00, FF, 25, B4, 68, 44, 00, FF, 25, B8, 68, 44, 00, FF, 25, 64, 69, 44, 00, FF, 25, C0, 68, 44, 00, FF, 25, C4, 68, 44, 00, FF, 25, C8, 69, 44, 00, FF, 25, CC, 68, 44, 00, FF, 25, D0, 68, 44, 00, FF, 25, D4, 68, 44, 00, FF, 25, D8, 68, 44, 00, FF, 25, DC, 68, 44, 00, FF, 25, E0, 68, 44, 00, FF, 25, E4, 68, 44, 00, FF, 25, E8, 68, 44, 00, FF, 25, EC, 68, 44, 00, FF, 25, F0, 68, 44, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, F8, 50, 44, 00...
Entropy:
5.4038

Code size:
229.5 KB (235,008 bytes)

While executing, the file has been observed making the following network communication in live environments.

TCP:
Connects to mail.healthyhomeva.com  (71.251.235.70:3389)
