Rdpwrap: DON'T OPEN THIS APP, THIS IS VERY DANGEROUS!

Created on 9 Feb 2020 · 3 Comments · Source: stascorp/rdpwrap

These are the REAL issues with the RDP file:

Application.RemoteAdmin.RHU

BitDefender: Application.RemoteAdmin.RHU
CAT-QuickHeal: Trojan.Rdpwrap
ClamAV: Doc.Dropper.Agent-7491006-0
Comodo: ApplicUnwnt@#16l2vnbel8f2f
DrWeb: Program.Rdpwrap.4
Emsisoft: Application.RemoteAdmin.RHU (B)
ESET-NOD32: A Variant Of Win32/RDPWrap.A Potentially Unsafe
F-Secure: PrivacyRisk.SPR/RemoteAdmin.AO
FireEye: Application.RemoteAdmin.RHU
GData: Application.RemoteAdmin.RHU
Kaspersky: Not-a-virus:RemoteAdmin.Win32.RDPWrap.h
MAX: Malware (ai Score=88)
NANO-Antivirus: Riskware.Win32.Rdpwrap.exbrms
Rising: Malware.Undefined!8.C (CLOUD)
Sangfor Engine Zero: Malware
Sophos ML: Heuristic
TrendMicro: HackTool.Win32.Radmin.GD
TrendMicro-HouseCall: HackTool.Win32.Radmin.GD
VIPRE: Trojan.Win32.Generic!BT
Zillya: Tool.RemoteAdmin.Win32.5
ZoneAlarm by Check Point: Not-a-virus:RemoteAdmin.Win32.RDPWrap


All 3 comments

What do you expect? It allows you to access a Windows computer more than once without notifying the logged-in user; if you deploy this nefariously, of course it should be flagged as such... If people do not do their own testing to make sure this is not communicating out, then it's their own fault!

These are the REAL issues with the RDP file:

Application.RemoteAdmin.RHU
BitDefender

Etc., etc., etc.

@papoluisjr If you honestly do not understand the nature of this software, or how "Virus Scanners" identify a host of issues that are not viruses, you probably have no business on GitHub.

Furthermore, if you have no understanding of what legal liability and consequences of libel and defamation are, you probably should not be posting anywhere public on the internet. Your ignorance is saved forever and your posts are archived.

Now, if you are interested in changing your tack, drop the erroneous and ignorant accusations, assume a posture of "repentance" (since you chose the term), and make respectful, responsible, and reasonable inquiry as to WHY software that was intentionally designed to supersede Windows built-in (and exceedingly prohibitive) security measures may trigger False Positives in some malware scanners; I'm reasonably certain some members here MAY consider assisting you at your level of technological incompetence/ignorance.

@Theli93 - The thing is, while not conclusive, he may have a valid point.

You can check the resource.res file yourself using ResEdit (free application).

Files contained within src-installer\resource.res:

  • CONFIG - is actually the rdpwrap.ini, but a default one.
  • License - is a text file.
  • RDPCLIP6032.exe
  • RDPCLIP6064.exe
  • RDPCLIP6132.exe
  • RDPCLIP6164.exe
  • RDPW32.dll
  • RDPW64.dll
  • RFXVMT32.dll
  • RFXVMT64.dll

RDPCLIPxxxx.exe is copied into Windows\System32.

RDPW32, RDPW64, RFXVMT32, and RFXVMT64 are renamed to RDPWRAP.DLL and copied into "C:\Program Files\RDP Wrapper" and, in some situations, Windows\System32.

Also, it seems rdpwrap.ini isn't used to patch anything; it is only used to check that the \System32\termsrv.dll version is compatible with the binaries included in resource.res.

While these don't get flagged by my virus scanner, it is somewhat disconcerting: there is no way to know how they have been altered beyond what is expected without comparing them to the originals.

I would have liked more transparency, giving us the option to find our own binaries and patch them using IDA or some other method.
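The comparison the last comment asks for can be scripted instead of done by hand in a resource editor. The following is an added example, not part of the original thread or of the RDP Wrapper project: it walks a compiled .res file (assuming the standard 32-bit layout) and reports each embedded resource's size, SHA-256 and whether it starts with a PE "MZ" signature, so the hashes can be checked against copies obtained or built independently. The sample bytes and the resource names inside them are constructed for the example.

```python
import hashlib
import struct


def _read_id(buf, pos):
    """TYPE/NAME field: 0xFFFF followed by an ordinal, or a UTF-16LE string."""
    if struct.unpack_from("<H", buf, pos)[0] == 0xFFFF:
        return struct.unpack_from("<H", buf, pos + 2)[0], pos + 4
    end = pos
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2


def list_resources(buf):
    """Yield (type, name, size, sha256, is_pe) for each entry of a 32-bit .res image."""
    pos = 0
    while pos + 8 <= len(buf):
        data_size, header_size = struct.unpack_from("<II", buf, pos)
        if header_size < 16 or pos + header_size + data_size > len(buf):
            raise ValueError(f"corrupt resource header at offset {pos}")
        rtype, after_type = _read_id(buf, pos + 8)
        name, _ = _read_id(buf, after_type)
        data = buf[pos + header_size:pos + header_size + data_size]
        if data_size:  # the empty marker entry at the start carries no data
            digest = hashlib.sha256(data).hexdigest()
            yield rtype, name, data_size, digest, data[:2] == b"MZ"
        pos += (header_size + data_size + 3) & ~3  # entries are DWORD-aligned


def _entry(rtype, name, data):
    """Build one .res entry; used only for the constructed sample below."""
    ids = struct.pack("<HH", 0xFFFF, rtype) + name.encode("utf-16-le") + b"\x00\x00"
    ids += b"\x00" * (-len(ids) % 4)
    fixed = struct.pack("<IHHII", 0, 0, 0x0409, 0, 0)
    header = struct.pack("<II", len(data), 8 + len(ids) + len(fixed)) + ids + fixed
    return header + data + b"\x00" * (-len(data) % 4)


# Constructed sample: marker entry, a text resource, and a fake "MZ" stub.
SAMPLE = (struct.pack("<IIHHHH", 0, 32, 0xFFFF, 0, 0xFFFF, 0) + bytes(16)
          + _entry(10, "LICENSE", b"license text")
          + _entry(10, "RDPW32", b"MZ\x90\x00stub"))

if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for rtype, name, size, digest, is_pe in list_resources(raw):
        print(f"{rtype!s:>4} {name!s:<18} {size:>9} {'PE' if is_pe else '--'} {digest}")
```

Run with the path to a .res file as the only argument; without an argument it lists the constructed sample.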
