remcos | ff044509cd6eba3681d1f548574b5d7a | Triage

Sharing

General

Target

ff044509cd6eba3681d1f548574b5d7a
Size

420KB
MD5

ff044509cd6eba3681d1f548574b5d7a
SHA1

d83b30d4bf145fcf8053e190ab9a0af0577d4cee
SHA256

e897d756722140b424ac02aab14733d05074d5c40f019c6420bc2689dccd6915
SHA512

ae1bdc80b0cb1be8261a36fd194620b7efd6c391b508f05d5351c9a0b620f3066342ba4a6543821ed9adbb742a29936b925036f321993c3dde151a08cc5af7e0
SSDEEP

6144:d9g5p/aJJL7XJAnY7jioSgBK0Ru115xTcYeEknZJJAVAe3:dgUJHX+nOjhBq1j2AWE

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

ff044509cd6eba3681d1f548574b5d7a

Files

ff044509cd6eba3681d1f548574b5d7a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 417KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ