General
-
Target
d76a0fcf4aa40e780ebd3f6cb93e0dc9.exe
-
Size
883KB
-
MD5
d76a0fcf4aa40e780ebd3f6cb93e0dc9
-
SHA1
ce29408b25bd0d1433abdf087bc366cd89e12919
-
SHA256
3783ac98c3f6666dd97783ec656c16f54211628e92d9a629c06d6269a89dd4be
-
SHA512
8519f6e8cbb978aeb6c2a903b548b1a235da65b57f48092171005323ee9fd582694590f439eec6032e48d92b2fe4d9709ac83699f878b86f105b16d482135a29
-
SSDEEP
12288:F406AQY5PupeoDrQ+3JJmYZHQJs/ZPGtRq:F6A15PupeoDrQeZHQoZK
Malware Config
Signatures
-
Remcos family
-
Unsigned PE (1 IoC)
Flags a PE file that carries no Authenticode signature, so its publisher cannot be verified from the file itself.
resource d76a0fcf4aa40e780ebd3f6cb93e0dc9.exe
Files
-
d76a0fcf4aa40e780ebd3f6cb93e0dc9.exe.exe windows x86
bd51a645a9c68bd03b2e51586e5cbdcb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
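LoadLibraryA
Note: the import table lists only these two kernel32 functions, so any other API the sample uses is presumably resolved at run time. Together with the writable and executable .text section listed under Sections, this is typical of a packed or loader-wrapped binary, and the static listing alone says little about the sample's behaviour.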
Sections
.text Size: 881KB - Virtual size: 884KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE