remcos_dump1[.]exe | Triage

Sharing

General

Target

remcos_dump1.exe
Size

1.6MB
MD5

e41a38863f830ac71c9522735b950fb5
SHA1

f7141b7542e4852a8c8f840b475e1482df2b3fbd
SHA256

9ec75fe69dd6dd37d717db0ba784ba0e9a2ca6d2fa8a4b485952d90ae64a8222
SHA512

dbb67fb2cc73f389af69a3a72c6ae32d73279ba1605cde7bb9d595a268e9a7807cd7ac06c536f4ac36476f6f371e5e0e282e5133049cacc1cd71463299d97417
SSDEEP

24576:BnS/mDzRIfYTRW1jhpvhIXcX6958T2o7XmuUKWSe+K3qOX8c:jDbT2vmMXKu2o7WubFc8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
remcos_dump1.exe

Files

remcos_dump1.exe
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT
Size: 512B - Virtual size: 425B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mrdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ