remcos | 79f9a51f8026ae837d12132246c10e6b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

79f9a51f8026ae837d12132246c10e6b
Size

373KB
MD5

79f9a51f8026ae837d12132246c10e6b
SHA1

ec33402f2bb20fb31ca2e452e7879d5c740c76b8
SHA256

85ec341e69ea53e288d2513adfc8e8ed2c4fe75916414765c97d23af3dcf3432
SHA512

836537475a7567f82c1a88127c4ab8b13e937e60a6ad3eab9343935f86132793c0e678ace4e366fbf36d2514c8544b99acf9a84ca08af79bd40e838aab355fe6
SSDEEP

6144:bdg5n5DJJL7XJAnY7yo0nqsJ445mgy+sk8VAX8dN4pU:8nnJHX+nO8hJB5mKD8Zj

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79f9a51f8026ae837d12132246c10e6b

Files

79f9a51f8026ae837d12132246c10e6b
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.da
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xud
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ