remcos | 112-161-0x0000000010590000-0x0000000010613000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

112-161-0x0000000010590000-0x0000000010613000-memory.dmp
Size

524KB
MD5

cf460f1d62c7878ded90ae3576b195ff
SHA1

6e4129f5aff93b8397b07c008050532f3a78958a
SHA256

d0e3cdd318e8cdd96a4b224371ea6879a092b5de77966733292909b36c066bd5
SHA512

0d86836ce0b100813bd3c34109da612b3cdb6d303feddf59b2bd5f6f3e3de8b1982333141a55c2082c2b858b039014a4876f44d2d9ba0a92125db2e730893476
SSDEEP

12288:mjdAK8wxqkXuxOqLXO3X2orpbKs/Z6iBRq:8A3wxqkXuxOq+rpbRZ3

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos

Files

112-161-0x0000000010590000-0x0000000010613000-memory.dmp
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 478KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE