remcos | 1092-56-0x00000000003D0000-0x0000000000B08000-memory[.]dmp

Sharing

Copy URL

Twitter E-mail

General

Target

1092-56-0x00000000003D0000-0x0000000000B08000-memory.dmp
Size

7.2MB
MD5

e469d75e2009e5b6fb781f30d88ab6f2
SHA1

6d63a40f294e75a7bfd6bb36fb0ed68fd889e322
SHA256

dd26d901965e77451135ac1f02ce11311935ccc8359ae633ded1f8649a51eb80
SHA512

e4b4f292ab43020c77754fd926e34bb53a25cbbd166175cc0ef97f3f6f876d98205053a9a3a31a6b10f6a02ca691faf60f5a6d1ab7df19d0bc36651f24d1afc2
SSDEEP

98304:47hTinCmWEI01abKYCCNl1+Wa9ngUNhBu2AP6jUVQA5yuiND8UblN9aG9d1SvJ+p:WiWa9/u2HUlOD8UbUGt6JX6y8eu88S

Score

10^/10

themida remcos

Malware Config

Signatures

Remcos family
remcos
Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

1092-56-0x00000000003D0000-0x0000000000B08000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 185KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 41KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 777B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 308B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 185KB - Virtual size: 330KB

Size: 41KB - Virtual size: 91KB

Size: 777B - Virtual size: 15KB

Size: 9B - Virtual size: 9B

Size: 308B - Virtual size: 560B

Size: 5KB - Virtual size: 18KB

Size: 11KB - Virtual size: 14KB

.imports Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 17KB - Virtual size: 17KB

.themida Size: - Virtual size: 4.1MB

.boot Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 16B - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 17KB - Virtual size: 17KB

.themida
Size: - Virtual size: 4.1MB

.boot
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 16B - Virtual size: 4KB