Remcos-RAT-3[.]8[.]0[.]exe | Triage

Sharing

General

Target

Remcos-RAT-3.8.0.exe
Size

7KB
MD5

6166f997b4bb3428ae0d9d4b4e1f0db2
SHA1

d18a89610c4ab5ff73532a608e3ba0038d6146e0
SHA256

3e3ef95e4d20e1cf759021d91f834b6f2c82a1a9dbab3cab1605a55bc85d5be5
SHA512

087be6857f602a648c612c9c849560c8c803182bf08bbdbc41f58eb17e28a1822ded1b1fb45c9a007722b6c6a19754671159a0a3510cc80188d3c145ab5a297c
SSDEEP

96:oz4/c4Kr6GgZ2+dzcMsio1ZafV/WyDhh1e35YZNW+hC/zNt:64KuG+2I5xfVWyDhh1eG10p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Remcos-RAT-3.8.0.exe

Files

Remcos-RAT-3.8.0.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Gadr\source\repos\ConsoleApp5\ConsoleApp5\obj\x86\Debug\System32.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ