wtsapi32.dll
- Filename:
- wtsapi32.dll
- md5:
- 33f6c6b3727a233819111e3b3aae96ec
- sha1:
- ef72cf80231942ce3d03c30ba08c03c79e176407
- sha256:
- 36066cc93e5aa0977439b6769705edc01967b174584cbb283e98dfef1582cc7e
- Filetype:
- PE32+ executable (DLL) (console) x86-64, for MS Wi ...
- Size (Bytes):
- 3467512
- Classification:
- malicious
- Indexed:
- Thu Jul 10 2025 10:37:44 GMT+0000 (3 months ago)
- Last modified:
- Thu Jul 10 2025 12:30:11 GMT+0000 (3 months ago)
Sample information
8
Antivirus detections0
IDS alerts64
Processes0
Http events0
Contacted hosts0
DNS Requests10
Score
Current activity of this Sample
Blacklist timeline
Malicious
90 days since the last reported activity
Hashes
In depth details
Dates
Explore our API specification anytime here:
cURL
Python
PowerShell
Request:
curl -H "Authorization: Bearer <API_KEY>" https://api.maltiverse.com/sample/36066cc93e5aa0977439b6769705edc01967b174584cbb283e98dfef1582cc7e
Response:
{
"antivirus": [
{
"description": "FileRepMalware [Bd]",
"name": "AVG"
},
{
"description": "FileRepMalware [Bd]",
"name": "Avast"
},
{
"description": "win/malicious_confidence_100% (W)",
"name": "CrowdStrike"
},
{
"description": "Detected",
"name": "Google"
},
{
"description": "ti!36066CC93E5A",
"name": "McAfeeD"
},
{
"description": "Mal/Loader-C",
"name": "Sophos"
},
{
"description": "Artemis!33F6C6B3727A",
"name": "TrellixENS"
},
{
"description": "Mal/Loader-C",
"name": "ZoneAlarm"
}
],
"blacklist": [
{
"count": 9,
"description": "Generic Malware",
"first_seen": "2025-07-10 11:00:04",
"last_seen": "2025-07-10 12:30:11",
"ref": [
21745
],
"source": "Hybrid-Analysis"
}
],
"classification": "malicious",
"creation_time": "2025-07-10 10:37:44",
"filename": [
"wtsapi32.dll"
],
"filetype": "PE32+ executable (DLL) (console) x86-64, for MS Wi ...",
"is_alive": false,
"is_cdn": false,
"is_cnc": false,
"is_distributing_malware": false,
"is_hosting": false,
"is_iot_threat": false,
"is_known_attacker": false,
"is_known_scanner": false,
"is_mining_pool": false,
"is_open_proxy": false,
"is_phishing": false,
"is_sinkhole": false,
"is_storing_phishing": false,
"is_tor_node": false,
"is_vpn_node": false,
"md5": "33f6c6b3727a233819111e3b3aae96ec",
"modification_time": "2025-07-10 12:30:11",
"process_list": [
{
"name": "<Ignored Process>",
"uid": "00000000-00003760"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#1",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00005656"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#2",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00004540"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#4",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00004972"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#3",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00003240"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#5",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00000932"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#6",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00002308"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#7",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007796"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#8",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00002584"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#9",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007096"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#10",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00003980"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#11",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007068"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#12",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00005188"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#13",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007728"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#14",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00001260"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#15",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00002328"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#16",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00000824"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#17",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00001556"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#18",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00006984"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#19",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00000368"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#20",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00001988"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#21",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007420"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#22",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007588"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#23",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00000980"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#24",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00004904"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#25",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00004604"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#26",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00005564"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#27",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007640"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#28",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00005256"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#29",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00002208"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#30",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007284"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#31",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007744"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#32",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007988"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#33",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007440"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#34",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00004448"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#35",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00004260"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#36",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00001948"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#37",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007928"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#38",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007548"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#39",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00006972"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#40",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00000872"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#41",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00005772"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#42",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00006428"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#43",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00006436"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#44",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00005876"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#45",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00005812"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#46",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007844"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#47",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00001316"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#48",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007596"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#49",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00006932"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#50",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00005628"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#51",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00007036"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#52",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00000200"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#53",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00006956"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#54",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00003892"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#55",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00003456"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#56",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00002496"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#57",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00005392"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#58",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00005316"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#59",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00005104"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#60",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00002952"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#61",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00006328"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#62",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00003772"
},
{
"commandline": "\"C:\\wtsapi32.dll\",#63",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
"sha256": "b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6",
"uid": "00000000-00002948"
}
],
"score": 10,
"scoring_executed_time": "2025-07-10 11:00:05",
"sha1": "ef72cf80231942ce3d03c30ba08c03c79e176407",
"sha256": "36066cc93e5aa0977439b6769705edc01967b174584cbb283e98dfef1582cc7e",
"size": 3467512,
"type": "sample"
}
Antivirus positives
| Antivirus | Threat |
|---|---|
| AVG | FileRepMalware [Bd] |
| Avast | FileRepMalware [Bd] |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Detected | |
| McAfeeD | ti!36066CC93E5A |
| Sophos | Mal/Loader-C |
| TrellixENS | Artemis!33F6C6B3727A |
| ZoneAlarm | Mal/Loader-C |
Process list
- uid
- 00000000-00003760
- commandline
- name
- <Ignored Process>
- normalizedpath
- sha256
- uid
- 00000000-00005656
- commandline
- "C:\wtsapi32.dll",#1
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00004540
- commandline
- "C:\wtsapi32.dll",#2
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00004972
- commandline
- "C:\wtsapi32.dll",#4
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00003240
- commandline
- "C:\wtsapi32.dll",#3
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00000932
- commandline
- "C:\wtsapi32.dll",#5
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00002308
- commandline
- "C:\wtsapi32.dll",#6
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007796
- commandline
- "C:\wtsapi32.dll",#7
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00002584
- commandline
- "C:\wtsapi32.dll",#8
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007096
- commandline
- "C:\wtsapi32.dll",#9
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00003980
- commandline
- "C:\wtsapi32.dll",#10
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007068
- commandline
- "C:\wtsapi32.dll",#11
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00005188
- commandline
- "C:\wtsapi32.dll",#12
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007728
- commandline
- "C:\wtsapi32.dll",#13
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00001260
- commandline
- "C:\wtsapi32.dll",#14
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00002328
- commandline
- "C:\wtsapi32.dll",#15
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00000824
- commandline
- "C:\wtsapi32.dll",#16
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00001556
- commandline
- "C:\wtsapi32.dll",#17
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00006984
- commandline
- "C:\wtsapi32.dll",#18
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00000368
- commandline
- "C:\wtsapi32.dll",#19
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00001988
- commandline
- "C:\wtsapi32.dll",#20
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007420
- commandline
- "C:\wtsapi32.dll",#21
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007588
- commandline
- "C:\wtsapi32.dll",#22
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00000980
- commandline
- "C:\wtsapi32.dll",#23
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00004904
- commandline
- "C:\wtsapi32.dll",#24
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00004604
- commandline
- "C:\wtsapi32.dll",#25
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00005564
- commandline
- "C:\wtsapi32.dll",#26
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007640
- commandline
- "C:\wtsapi32.dll",#27
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00005256
- commandline
- "C:\wtsapi32.dll",#28
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00002208
- commandline
- "C:\wtsapi32.dll",#29
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007284
- commandline
- "C:\wtsapi32.dll",#30
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007744
- commandline
- "C:\wtsapi32.dll",#31
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007988
- commandline
- "C:\wtsapi32.dll",#32
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007440
- commandline
- "C:\wtsapi32.dll",#33
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00004448
- commandline
- "C:\wtsapi32.dll",#34
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00004260
- commandline
- "C:\wtsapi32.dll",#35
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00001948
- commandline
- "C:\wtsapi32.dll",#36
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007928
- commandline
- "C:\wtsapi32.dll",#37
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007548
- commandline
- "C:\wtsapi32.dll",#38
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00006972
- commandline
- "C:\wtsapi32.dll",#39
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00000872
- commandline
- "C:\wtsapi32.dll",#40
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00005772
- commandline
- "C:\wtsapi32.dll",#41
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00006428
- commandline
- "C:\wtsapi32.dll",#42
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00006436
- commandline
- "C:\wtsapi32.dll",#43
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00005876
- commandline
- "C:\wtsapi32.dll",#44
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00005812
- commandline
- "C:\wtsapi32.dll",#45
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007844
- commandline
- "C:\wtsapi32.dll",#46
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00001316
- commandline
- "C:\wtsapi32.dll",#47
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007596
- commandline
- "C:\wtsapi32.dll",#48
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00006932
- commandline
- "C:\wtsapi32.dll",#49
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00005628
- commandline
- "C:\wtsapi32.dll",#50
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00007036
- commandline
- "C:\wtsapi32.dll",#51
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00000200
- commandline
- "C:\wtsapi32.dll",#52
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00006956
- commandline
- "C:\wtsapi32.dll",#53
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00003892
- commandline
- "C:\wtsapi32.dll",#54
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00003456
- commandline
- "C:\wtsapi32.dll",#55
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00002496
- commandline
- "C:\wtsapi32.dll",#56
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00005392
- commandline
- "C:\wtsapi32.dll",#57
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00005316
- commandline
- "C:\wtsapi32.dll",#58
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00005104
- commandline
- "C:\wtsapi32.dll",#59
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00002952
- commandline
- "C:\wtsapi32.dll",#60
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00006328
- commandline
- "C:\wtsapi32.dll",#61
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00003772
- commandline
- "C:\wtsapi32.dll",#62
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6
- uid
- 00000000-00002948
- commandline
- "C:\wtsapi32.dll",#63
- name
- rundll32.exe
- normalizedpath
- %WINDIR%\System32\rundll32.exe
- sha256
- b1e6a7a3e2597e51836277a32b2bc61aa781c8f681d44dfddea618b32e2bf2a6