remcos | JaffaCakes118_0df92edf9f3a4d683e5f7f4597d2e3a18dc19d97f7def7bbb5d8777631c9fda1 | Triage

Sharing

General

Target

JaffaCakes118_0df92edf9f3a4d683e5f7f4597d2e3a18dc19d97f7def7bbb5d8777631c9fda1
Size

488KB
MD5

09579566377e7d2079f40a99b54e6508
SHA1

ecb249acf1c84ead3364003aa95bd8d49a4cb80c
SHA256

0df92edf9f3a4d683e5f7f4597d2e3a18dc19d97f7def7bbb5d8777631c9fda1
SHA512

82d46bdd01749e5cabded0993b028612fb3c86a66c6565dadaa180d6f5677567e5afd72db74ed544e19e10f46a175beab3dc06b3a87c76435e8438f3b355200b
SSDEEP

12288:J2rY8m1+I44lpCGaD/s3azjX+5sfZErVg:sM8m+I44l0GaxzjfZWS

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_0df92edf9f3a4d683e5f7f4597d2e3a18dc19d97f7def7bbb5d8777631c9fda1

Files

JaffaCakes118_0df92edf9f3a4d683e5f7f4597d2e3a18dc19d97f7def7bbb5d8777631c9fda1
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ