remcos | 1504-71-0x0000000000400000-0x000000000047F000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1504-71-0x0000000000400000-0x000000000047F000-memory.dmp
Size

508KB
MD5

3db3e2771c0e9867f011e10f44af3e14
SHA1

58765a74a8fbc83f3e51f5425eabf6d2e96556e0
SHA256

660ac1306b67746a8fc305376081bc56758ff8e6a2f58c3cdfbbb132ae1e9d73
SHA512

925913c68a2f13613890a60b7f93f6e4ffe7f92da1c46752de103ae4fcb3ca06bc5273431389ecc1199284fe0c38838fa9f0c7c071e5dd12bd68d257dcb48c02
SSDEEP

6144:UbdjQFiTrgVohW1ydxCrLkE7ZFCSq1zeH4L5WIMOHsAOZZL1XBc:UbdUYCohW1kMfkEbCSqxeYdsfZL

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1504-71-0x0000000000400000-0x000000000047F000-memory.dmp

Files

1504-71-0x0000000000400000-0x000000000047F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ