Backdoor.Remcos.CB

By CagedTech in Backdoors

Table of Contents

Analysis Report

General information

Family Name:	Backdoor.Remcos.CB
Signature status:	No Signature

Known Samples

MD5: 33721cb0fddffc0492fca4edf88ba67a

SHA1: ad859c75e9e26999a29d04cb8a80fc5cf0893cbb

SHA256: 5864EB1B13881EA3D4DDAEDCD8516A93D67087484297270462284A9810E0F258

File Size: 4.92 MB, 4916224 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have security information
File has exports table
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	TODO: <Company name>
File Description	TODO: <File description>
File Version	1.0.0.1
Internal Name	P1.exe
Legal Copyright	TODO: (c) <Company name>. All rights reserved.
Original Filename	P1.exe
Product Name	TODO: <Product name>
Product Version	1.0.0.1

File Traits

Default Version Info
HighEntropy
imgui
x86

Block Information

Total Blocks:	14,437
Potentially Malicious Blocks:	2,378
Whitelisted Blocks:	12,059
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x 0 x 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 x x x 0 0 0 0 x 0 0 0 x 0 x 0 0 0 0 0 0 x 0 x x x 0 0 x x x x x x x x x x x x x x x x 0 x x 0 0 0 0 x 0 x 0 x 0 0 x x x x x x 0 x x x 0 x x 0 x x 0 0 x x 0 x 0 0 0 0 0 0 x 0 0 0 x 0 x x x x 0 x x x 0 0 x 0 x x x x x 0 x x x x x x 0 x x 0 x x x x x x x 0 0 x 0 0 x 0 x 0 0 0 0 0 x 0 x 0 x x 0 x 0 0 x 0 x x x 0 x x x x x 0 0 x 0 0 0 0 x 0 x x x 0 x x 0 0 x 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 x 0 x 0 0 x 0 x 0 x x 0 x x 0 0 0 x 0 x x x 0 x 0 x 0 0 x x 0 x 0 0 0 x 0 0 0 0 0 x 0 x 0 0 0 x 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x x x 0 0 x x x x x 0 x x x x x x x x 0 0 x 0 x x x x x x x x x x x x x x 0 x x x x x 0 x x x x x x x 0 x 0 0 x 0 0 0 0 x x x x 0 0 0 0 0 x 0 x x 0 x x x x x x x x x x x x x 0 0 x x x 0 x 0 x 0 x x x 0 0 x x 0 x x x 0 x x x x x x x x x x x 0 x 0 x x x x x x x x x x x x x x x x 0 0 x x 0 x x x 0 0 x x 0 x 0 0 0 x x x x x x x x x 0 0 x 0 0 0 x x x x 0 x 0 x x x x x x x 0 0 0 0 x x 0 x x x x x 0 0 x x x x x x 0 x 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 x 0 x x x x x x x x x x x x x x x x 0 x 0 x 0 x x x x 0 x x 0 0 0 x 0 0 0 0 0 x x x x 0 0 x x x x x x 0 x x x x 0 x 0 x 0 x 0 0 0 0 x x 0 0 x 0 0 x x x 0 0 0 0 0 x 0 0 0 0 x x x 0 x x 0 x 0 0 x 0 x 0 0 0 0 x 0 0 x x x x x 0 0 0 x 0 0 x 0 0 x x x x x 0 0 0 0 0 0 x x 0 0 x x 0 0 x x 0 x 0 x 0 0 x x 0 x x x 0 x 0 0 0 x x x x 0 x x 0 0 0 0 x 0 0 x x 0 x 0 0 0 0 0 x x x 0 x 0 x 0 0 x x 0 x x x x 0 x 0 x 0 0 x 0 x x 0 x x x 0 x x x x 0 x 0 0 x 0 0 0 0 0 0 0 x 0 0 x x x x x x x x x 0 0 0 0 0 x 0 x x x x x x x x x x 0 x x 0 0 x 0 x 0 x x 0 0 x x x 0 0 0 x 0 x 1 0 x x x 0 x 0 0 x 0 0 0 x 0 x x x 0 x x x 0 0 0 0 x 0 x 0 x x 0 x 0 x x x x 0 x x 0 x x x x 0 x x x x x x x 0 0 x x x 0 x x x 0 x x x x x x 0 0 0 0 0 0 0 0 0 0 x x 0 0 x x x x x x x x 0 x 0 0 0 0 0 0 0 0 0 0 x x x x x x x x 0 0 x x x x x x 0 x x x x x x 0 0 0 0 0 x x x x x x x 0 x x x x 0 x 0 x 0 x 0 x x x x x x x 0 x x 0 x x 0 0 x x x 0 x x x x x x 0 x x 0 x x x x x 0 0 0 x x 0 0 x x x x 0 x x x x 0 x x x 0 x 0 0 x x x x x x x x 0 0 x x 0 x x x x x x 0 x x x x 0 x x 0 x x x 0 x x 0 x x x x x x x x x x x x x x 0 0 x x 0 x x x 0 0 x x 0 0 0 x x x x x 0 0 0 0 0 0 0 0 x x x x x x 0 x x x 0 x x 0 0 x 0 x x x 0 x x x x 0 0 x x 0 0 x x x x 0 x x x x x x x 0 x x x 0 x x 0 0 x x x x x x x x x x x 0 0 x x x x x 0 x x 0 x x 0 0 x x 0 0 x x 0 x 0 x x x x 0 x x 0 x x x x x x 0 x x x 0 0 x x x x x x x x x 0 x 0 0 x x x x x 0 x x 0 x x x x x x x x x x x x x x 0 x x 0 x x 0 0 x 0 x x 0 0 x x x x x x x x x x x x x x 0 x 0 x x 0 x x x 0 x 0 0 x x x x x x x 0 x 0 x x x x x 0 x x 0 x x 0 x 0 x x x x x x x x 0 x 0 0 x x 0 0 x 0 0 0 x x x x 0 0 0 x x 0 x x 0 0 x x x 0 x 0 x 0 x 0 x x x x x x x 0 x x x x x x x x x x x x 0 x x 0 x x x x x 0 x x 0 x x x x x x x 0 0 x 0 0 x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x 0 x x x 0 0 x x x x x 0 x x x x x x x x x 0 0 0 x x x 0 x x x x x x x 0 0 0 0 0 0 x x x x x x x x 0 x x 0 0 0 x x x x x x x x x x x x x x x x 0 x 0 0 x x x x x x 0 x 0 x x x x 0 0 x x x x x x x x x 0 x x 0 x 0 x x x 0 0 x x x x x x x x 0 x x x x x x x x x x x 0 0 x x 0 x x x x x x x 0 0 0 0 0 0 0 x 0 x x x x 0 x x 0 0 x x x x x x x x 0 x x x x x 0 x 0 x x x x x x 0 0 0 0 0 0 0 x 0 x x 0 0 0 0 0 x x x x x x x x x x x x x x x x x x 0 0 0 0 x x 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 x x x x x x x x 0 0 x x x 0 x x x 0 x x x 0 x x x x 0 x x x x x x x x 0 0 x x x 0 x 0 0 x x x 0 x x 0 0 x x x x x x 0 x x x 0 x x x 0 0 x x x x x x x x 0 x x x x x x x x x x x x 0 x x x 0 x x x 0 x x x x 0 x x 0 0 x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x 0 0 x x x x x x x x x x x x x 0 0 x x x x x x x x x x x x 0 0 x x x x 0 0 0 0 0 x x x x 0 0 0 0 0 0 0 0 0 0 x x x 0 x 0 0 0 x x x x x x x x x x 0 x x 0 0 0 0 0 x 0 0 x x x x x x 0 x 0 x x x x x x x x x x x x 0 0 x x x x 0 x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 x x x x x 0 x 0 x x x x x 0 0 x x x x x x x x x x x x x x x 0 x 0 x 0 x x x 0 0 x x x x 0 x x 0 x x x x x x x x x x x x x 0 x x x x x x 0 x x x x 0 x 0 x 0 0 0 0 0 0 x x x 0 x 0 0 x x x x x x x 0 x x 0 x x x x x x 0 x x x x x x x 0 x x x x x x x

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Remcos.CB
Shade.C

Windows API Usage

Category	API
Network Winsock2	WSAStartup
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
User Data Access	GetUserObjectInformation

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Backdoor.Remcos.CB

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Windows API Usage

Windows API Usage

Submit Comment

Trending

OneUpdater

Trojan.Kryptik.VCKD

Trojan.Injector.RDD

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen