remcos | d20ea7ca9b2cc27ccdb4eb9bc91d922e | Triage

Sharing

General

Target

d20ea7ca9b2cc27ccdb4eb9bc91d922e
Size

420KB
MD5

d20ea7ca9b2cc27ccdb4eb9bc91d922e
SHA1

5b7ec5a5fd1d267f78aa309e533161a6fc5f040c
SHA256

576ac1695ed2925ded19a4b1cd1b93c1154eedadca1381469f3e799c2357ef31
SHA512

e325ad214d62fdd6a8918e8451ef741ae19717a42560a29a786d4ca88ec5d13fc42fdcba6b6d95649e50d91b408fcc2221cea752cfb77ac2f63b3f8d7019b9d3
SSDEEP

6144:f9g5p/aJJL7XJAnY7jioSgBK0Ru115xTcYeEknZJJAVAeg:fgUJHX+nOjhBq1j2AWz

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

d20ea7ca9b2cc27ccdb4eb9bc91d922e

Files

d20ea7ca9b2cc27ccdb4eb9bc91d922e
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 417KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ