remcos | JaffaCakes118_7c9c1ba5864d58a7f09b94a1f79e6d4da6c6ecf9b89b43b486c721e44d44d940 | Triage

Sharing

General

Target

JaffaCakes118_7c9c1ba5864d58a7f09b94a1f79e6d4da6c6ecf9b89b43b486c721e44d44d940
Size

484KB
MD5

cb56cbe11b27eb3f5a65038d4aa7e926
SHA1

ac4e734caf0c31ae7f188190e2c240b3d533c367
SHA256

7c9c1ba5864d58a7f09b94a1f79e6d4da6c6ecf9b89b43b486c721e44d44d940
SHA512

c8c47fac8bb6a2049fa1e760839685da4d339df1c162dc14c8467b92b37af17b52b5b3d35a4268eabf6f14ccec01e44de4089aad0e940c9aa618d0b52c7d629b
SSDEEP

12288:qf+Ud9dFEvMNIWXLg4SPw5+rTmu/ZIzlEb:3UdyvMNDU25+r6YZAe

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7c9c1ba5864d58a7f09b94a1f79e6d4da6c6ecf9b89b43b486c721e44d44d940

Files

JaffaCakes118_7c9c1ba5864d58a7f09b94a1f79e6d4da6c6ecf9b89b43b486c721e44d44d940
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ