remcos | JaffaCakes118_aa3b46d5c5e86fdd069d6f2b090dde9654053c1a6e9ee5ace1bfd19818ebb7a8 | Triage

Sharing

General

Target

JaffaCakes118_aa3b46d5c5e86fdd069d6f2b090dde9654053c1a6e9ee5ace1bfd19818ebb7a8
Size

484KB
MD5

db393ac1c4d4ac2d0e6b0afe2e6a8f67
SHA1

ab7e48982d986ef21f52acb8af2e0cbdf90dc8d6
SHA256

aa3b46d5c5e86fdd069d6f2b090dde9654053c1a6e9ee5ace1bfd19818ebb7a8
SHA512

3ce5979cc74bf5cc75d10e543be57f867a657ed3de646461cf250639a87e72977c11378bccb40147f3a3ab4d38587b42f02fae3a906aff843ff9a9ba14191aa6
SSDEEP

6144:lp1w8GjxVQcYIrv86KnbDIupDXFXQPdIq//3L3QBaHLIAOZZmYXjYcuIEb:lp1wR7QXIb86iv1XQP2q//7W/ZmSFEb

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_aa3b46d5c5e86fdd069d6f2b090dde9654053c1a6e9ee5ace1bfd19818ebb7a8

Files

JaffaCakes118_aa3b46d5c5e86fdd069d6f2b090dde9654053c1a6e9ee5ace1bfd19818ebb7a8
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ