remcos | 4f212c057c26172c98f463fab16a5276[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4f212c057c26172c98f463fab16a5276.bin
Size

508KB
MD5

4f212c057c26172c98f463fab16a5276
SHA1

747ea120f37a567622da838aa99ccb1b5a5bbaa6
SHA256

7f0d794926f25605aa96e26509731ed45c97b602dc9f1821d9b04b4c6e6243a8
SHA512

b25ea9b26bdf746c2cf1eee9ce601cf6b89146a6009c7038a6cf709651bfaf40b105263aea3da955b3bfc3b6ae8b920e5973a96a7145bd1dbb3c5752a1c9e7a5
SSDEEP

6144:uAg4RVDZlHx5k7iLZnaSguI2IiRL/SISjw8nHWh1R2K3g9ZsAOZZQmXxlcK:umnk7iLJbpIpiRL6I2WhSKQ9ZsfZQS

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f212c057c26172c98f463fab16a5276.bin

Files

4f212c057c26172c98f463fab16a5276.bin
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ