remcos | 37401840x0000000000400000[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37401840x0000000000400000.dmp
Size

500KB
MD5

9c2d6fa9914b10b19fd8efc1ec8ce725
SHA1

b2e37fa0f21e98662e6ec115a33ad8d215a58f7e
SHA256

bb16352ce4d82ebbe834e8aafdf956c7d532fe7416ab42a57be89f986b609e79
SHA512

9d5d8541d5501c82b75195992e2f1fd1b27135b91fd594ed34ef9d6d6137001c66f30452725cb90468452a64bb3ea142b5d01de6d9c58c1ae423b3791a6b0595
SSDEEP

12288:HRXxReZj3WZfj/2eSseWFaIe2+f8CL46s/Zf2XDU:Hx7cyF2eSsewS8W4BZO

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37401840x0000000000400000.dmp

Files

37401840x0000000000400000.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ