remcos | 1e2fa0679c3115830fbae9995e9f4d9ae8e1c6cc1fe20131859361cb1fab0d88

General

Target

1e2fa0679c3115830fbae9995e9f4d9ae8e1c6cc1fe20131859361cb1fab0d88
Size

261KB
MD5

7da298b03773dc982fffa3fc3f7b1244
SHA1

bcc79b332b13476b526e831fcafb336e12ac1345
SHA256

1e2fa0679c3115830fbae9995e9f4d9ae8e1c6cc1fe20131859361cb1fab0d88
SHA512

cfbca0527293ac6923a70ee3b40b9f529a6c5eb6425f7134c17425ac9200b5da2094e0ef0b23b1eda31c8e7b9dc5cdd8dec3681cb2fd2e646ebb86a542d3f05e
SSDEEP

6144:t4bpMFulVGyUHBcZyJfvzHflqm4RXwbrxC0G3P1xy:mbTVbagkfvjl94RgxjG3P1xy

Score

10^/10

upx remcos

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/a4d3d83b3d71b7aaba2dc83f5900ba3d0fdbc8a2a3d7d6fb763c7100d4fd13d6.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a4d3d83b3d71b7aaba2dc83f5900ba3d0fdbc8a2a3d7d6fb763c7100d4fd13d6.exe

1e2fa0679c3115830fbae9995e9f4d9ae8e1c6cc1fe20131859361cb1fab0d88
.zip

Password: infected
a4d3d83b3d71b7aaba2dc83f5900ba3d0fdbc8a2a3d7d6fb763c7100d4fd13d6.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 312KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 213KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE