remcos | 1720-89-0x0000000010590000-0x0000000010612000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1720-89-0x0000000010590000-0x0000000010612000-memory.dmp
Size

520KB
MD5

8682697398276086caeb9e6a5f9d68a3
SHA1

d21e43b40111f110882c36e611d6db235488b592
SHA256

8c2bbc0d5bef43ce7721764cda3832426c0fae27abdfb61eb40b103bc4fcdacc
SHA512

2844e9ede5a1a8f6cfb29e3b92f01f4ae8f4bbe95a37209c4bcc638ffcbe27524897a5ff17ebb6746d945147b020c07415497a983461524ec926d4a882e40525
SSDEEP

6144:YbdjQFiTrgVohW1ydxCrLkE7ZFCSq1zeH4L5WIMOHsAOZZL1XBcYw4:YbdUYCohW1kMfkEbCSqxeYdsfZLI4

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos

Files

1720-89-0x0000000010590000-0x0000000010612000-memory.dmp
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 473KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE