remcos | 924-61-0x0000000000400000-0x0000000000480000-memory[.]dmp | Triage

Sharing

General

Target

924-61-0x0000000000400000-0x0000000000480000-memory.dmp
Size

512KB
MD5

e9d49b4a654be30910afdec6f10369da
SHA1

f4a7387f92273440b613d34d43af555b63904c07
SHA256

877abecab9d6b6075fabd27652d62af9c1cef652a5aa4bd2ec0fac9fa06156ff
SHA512

03697f0574c7e88809c48312bd0676ddc745ee7b9622e7a5c942fb730f1647544e8599292630c2f406e66c6a6fedf5cbb1dd3ee2901365b5d2d3d294b533bb05
SSDEEP

6144:6XVUvr+eNVx6JuGD5To83sRnymABKtqulRwOJfZJEfcZdC48hAiWsAOZZ8RX7mc:6X8/Vx65HCnDAByqulR1fZJQGs/Z8

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
924-61-0x0000000000400000-0x0000000000480000-memory.dmp

Files

924-61-0x0000000000400000-0x0000000000480000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ