Trojan.Remcos.IH

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	3,304
Threat Level:	80 % (High)
Infected Computers:	1,044

First Seen:	November 7, 2021
Last Seen:	April 8, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Remcos.IH
Signature status:	No Signature

Known Samples

MD5: bc679f7ffa4598ceeb6fb02c0f11f013

SHA1: 76bde52ab03cf9a31eb9ef7e70cc3354aaf94811

File Size: 55.30 KB, 55296 bytes

MD5: 0c19a872ebc60f92a28e08e3ba407f99

SHA1: b1cb42e75b4c624f98ee730c3adaf8d48cd417a9

File Size: 40.96 KB, 40960 bytes

MD5: 7c520f618df1ace9a77c5b51ac560d9e

SHA1: 037b215c7bea3d209a7f582ef3f088ca2b7087c3

File Size: 61.44 KB, 61440 bytes

MD5: f394ef3de9e47f73d481d3c3f9a67bcd

SHA1: a8ffd441949860931bb8014786ce3f33da1c7b13

SHA256: 3F315EDAC9C5D18DED924B9135E783C400AE0FF5509A277EE588180927371A64

File Size: 49.66 KB, 49664 bytes

MD5: f87cecd996ca8c473960d53dddf72df9

SHA1: 1025cb4309de0dfa210b3863e62b6c0e157442e9

SHA256: 857F26F2981055E0012EB787ACDFF7DE7425693DF622F2348C8F3FE01D4EB3F5

File Size: 49.66 KB, 49664 bytes

MD5: db66c500425d4d701b4e503ab0068cb1

SHA1: fde6b513012a826fff9b32d72b1ca14f97efa0e6

SHA256: 7CDFD70E939BE37956213B889C247ABD4069FF7BE15220617DBA9008ABBC54BA

File Size: 83.97 KB, 83968 bytes

MD5: b79fd4ad55e71be61f6c0994a1c22606

SHA1: 03e7902b0c374860f15d07eb1d67fbc8f3acc0b1

SHA256: 80C9641F65278762E746EFC7D711A1A4A05E6BA87DE50652DBB721E4EACA1610

File Size: 40.45 KB, 40448 bytes

MD5: 4e3c2540d2ad08424138744ea6d49bc9

SHA1: e52758614c9017010c9d63706c4b8c699733b71f

SHA256: E6ED180D4B7808B54E1A15E2524C5CF29D85741A6A86B0545D99BBC6023E86AE

File Size: 41.98 KB, 41984 bytes

MD5: d9b5366d4098a3ed1aaac2017855ab83

SHA1: 10512c86b7ac35112e5a1e8832d0368544ea2298

SHA256: 3DA50328F6E8A7E6F7CBB87082317ACB304652701EFA8F82AC1C4001E7F89D17

File Size: 44.03 KB, 44032 bytes

MD5: d934b3386817c81c2d372ca8b3966783

SHA1: 2c0bbde666adbcf7b8830da6cd2c575149520f68

SHA256: 5DE14170DDC8140BEA9CC4BF8EF105A663001C9422A26918228E13FE68B563C2

File Size: 169.47 KB, 169472 bytes

MD5: 5046a6a448c383e6c65fb960672a6580

SHA1: c2fedba8fb6da4436339bfe7ab241c0358229187

SHA256: 3202A3424E416DB1D2C2CA610D2F6153D5D2433E8263000E93718A75761EBEF0

File Size: 41.98 KB, 41984 bytes

MD5: 485713d78a283768ca0743c395a02929

SHA1: ef96f819591fd659a7e883fd4c043b3a0a0fddbc

SHA256: B0F0AFEFE60CF0ED47F08FBCCCFF9AADBC43C2876AE188351E89675C3F3F4F19

File Size: 41.47 KB, 41472 bytes

MD5: df7039f12e34f9eadbdf84e225d0bc69

SHA1: 4699b4770aca08e55fcf9abb600be3b73fcb7436

SHA256: FA9CDABF2D62ABD168819C7408E8AC8A57883C0DD93844F50A93F44511361D17

File Size: 40.96 KB, 40960 bytes

MD5: c91f8cf3d6cd9811a8c4286740f84ee7

SHA1: fb5ca312d72b8417c6a14528d19d6d44c28b6ef5

SHA256: 198A495EC96AFA80A2A40E83CBA21EA51C593D314191B88E8CA2E7BA06A3A51D

File Size: 47.62 KB, 47616 bytes

MD5: 0c85006cdbe1b6f6ce6b64bd42c6692f

SHA1: 2fb89d6df76329a259cd199694b52a68dc19ffba

SHA256: 0A6DC1DE4366ECB4CDD29FE20DCBE81A26F26023366C83787391B0EC38556867

File Size: 65.54 KB, 65536 bytes

MD5: cb81b144f6a8499873afa12281dc7583

SHA1: 068214363ffeb9e24c39b58ae88a459ca64f56ab

SHA256: AF7789974B291B93FC8DA28128748103CCB39DF68EDD1600A3DC26C36687DD62

File Size: 43.01 KB, 43008 bytes

MD5: c656837baadd27c349fe7d309209a663

SHA1: be95bcfa69cb27d6b3b2f757fa0eb8729c1b25f9

SHA256: 747FA2ED20B2D6670BA8046EBAADFAD3863E059073275320BB8998C20E467D08

File Size: 55.30 KB, 55296 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have security information
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name	Value
Comments	MPD Eft Api C - Test Client
Company Name	Worldline
File Description	MPD Eft Api C - Test Client
File Version	2.0.73.0
Internal Name	MPD Eft Api C - Test Client
Legal Copyright	Copyright (C) Worldline 2003-2025
Original Filename	test_eftapi.exe
Product Name	MPD Eft Api C - Test Client
Product Version	2.0.73.0

File Traits

2+ executable sections
JMC
No Version Info
x86

Block Information

Total Blocks:	148
Potentially Malicious Blocks:	2
Whitelisted Blocks:	144
Unknown Blocks:	2

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 x x ? 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.FDS
Agent.FGT
Agent.FYH
Agent.XCO
Agent.XSE

Agent.XSH
BadJoke.XA
Injector.YF
KillMBR.XB
KillMBR.Y
KillMBR.YA
Optix.A
Remcos.IF
Remcos.IL
Rozena.HGF
Rozena.VD

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Remcos.IH

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Submit Comment

Trending

Nextgeeker.com

Mr Beast Discord Scam

Bear Ransomware

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen