remcos | 2940-86-0x0000000003C90000-0x0000000003D0F000-memory[.]dmp | Triage

Sharing

General

Target

2940-86-0x0000000003C90000-0x0000000003D0F000-memory.dmp
Size

508KB
MD5

8d06ad61f18de4d14c0d6143ab258244
SHA1

ad57f23f8d9a7a37cec2fff813b3324c71d670b8
SHA256

65bcacdc97020f20c07546590b9ca50e455d941797ecb87e2226306d0d94dcdb
SHA512

0c79f9f8b0ef16e32dab862f3c8ee31678691efbff33fe1524c6fb37aae5edef68f648809e72a7655e2be637630338de9a31563fd1dd7cf1c286ea6803ba69e8
SSDEEP

12288:v9PgP3HAMwIGjY4vce6lnBthn5HSRVMf139F5woxr+IwtHwBtFECsvZD5:t43HfwIGYMcn5PJEZ

Score

10^/10

remcos

Malware Config

Signatures

Remcos family
remcos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2940-86-0x0000000003C90000-0x0000000003D0F000-memory.dmp

Files

2940-86-0x0000000003C90000-0x0000000003D0F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ