remcos | 4dadf7dcfd26fb4054fd4c907fcb8e12b0d6192439afc9e50e412954bf6276de

General

Target

4dadf7dcfd26fb4054fd4c907fcb8e12b0d6192439afc9e50e412954bf6276de
Size

261KB
MD5

19f1c5d5fec83a7cc1a27957f7942c2d
SHA1

e3de6e845912193556f3850ff3e06ddbd91a966f
SHA256

4dadf7dcfd26fb4054fd4c907fcb8e12b0d6192439afc9e50e412954bf6276de
SHA512

f0156c2c18d9038312a566c247d45a08cc2f5acda44360ce965b139479e8be1cbe75df477a01395a204140bfcb0e37cd7aeb5fc404829d0227de8394985bb8f2
SSDEEP

6144:5IqTfXZjwCZ6wphAoPgLVAXrp7oX6FFrz9f2+rPeU5gE0Apr4/bsdJPsTEO:5IqzXZMCso4LVOlFC+jeEFpc/bsdOEO

Score

10^/10

upx remcos

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/1f5e25a403ec45bb014587df458dbd7ff7e94a50ec3d89b51fd0b67f1cb97f26.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1f5e25a403ec45bb014587df458dbd7ff7e94a50ec3d89b51fd0b67f1cb97f26.exe

4dadf7dcfd26fb4054fd4c907fcb8e12b0d6192439afc9e50e412954bf6276de
.zip

Password: infected
1f5e25a403ec45bb014587df458dbd7ff7e94a50ec3d89b51fd0b67f1cb97f26.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 312KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 213KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE