remcos_a[.]exe | Triage

Sharing

General

Target

remcos_a.exe
Size

197KB
MD5

65457174406297076acf63ff9ea6b836
SHA1

6998b6941c84f09162acef6995aa9240fa304ed7
SHA256

859e71388525cd23d7d84bd11d6dc2b40387e440cc15ec3aa653f19a34c5fe30
SHA512

e863bd6c41ba69e9d0ad31d28e66d78004d22513a1b5d3df4872983bb134b54d2beed76017ea889036112a570a1f4c963cdb98482381922a4a8f9c48e1f97150
SSDEEP

3072:cgoqAnruXO+Fsw6yRZgl/HyN7BmBFbhI6kJe6qiaJCEmxiZIvIII:hovgFR6UZgRQ78D8th5iZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

remcos_a.exe

Files

remcos_a.exe
.exe windows:5 windows x86 arch:x86

3062e50d2fa67f7426fb01fd27779682

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

DrawIcon

gdi32

BitBlt

advapi32

RegCloseKey

shell32

ExtractIconA

shlwapi

StrToIntA

winmm

PlaySoundW

ws2_32

connect

urlmon

URLDownloadToFileW

gdiplus

GdipFree

wininet

InternetOpenW

Sections

.MPRESS1
Size: 175KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE