remcos | JaffaCakes118_44ff410a8de028ad6ceb9f2e80226fd2c0ba6fa429f1bf50c1a512ece893e68e | Triage

Sharing

General

Target

JaffaCakes118_44ff410a8de028ad6ceb9f2e80226fd2c0ba6fa429f1bf50c1a512ece893e68e
Size

488KB
MD5

390f787ac3a556039bf6a4c1ce91fcde
SHA1

2582eccc75a557b5613e48ae5f68e974cf4775ca
SHA256

44ff410a8de028ad6ceb9f2e80226fd2c0ba6fa429f1bf50c1a512ece893e68e
SHA512

1c819134cca8d815c2440d4cff62eed1915992f27149942cae839f694e4b562f44d23c27095e7c698a2fc8ba0d0ee832c9723300198da4b9457f76216e7423d4
SSDEEP

6144:3lyllnnBE3jP7zg30nKJHIkAVTmAKA41itPz53QisAOZZDOX/c8ipyg:1y/nO3jjc3wKmVTmFAmURsfZDxyg

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_44ff410a8de028ad6ceb9f2e80226fd2c0ba6fa429f1bf50c1a512ece893e68e

Files

JaffaCakes118_44ff410a8de028ad6ceb9f2e80226fd2c0ba6fa429f1bf50c1a512ece893e68e
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ