dcrat | 975fcbec5beed4d4b12ab37bf166416e[.]exe | Triage

Sharing

General

Target

975fcbec5beed4d4b12ab37bf166416e.exe
Size

2.2MB
MD5

975fcbec5beed4d4b12ab37bf166416e
SHA1

2f12cf218cb2a76a4e604e7bbe664a85f004ce7e
SHA256

8890a9d60a29b5e5d7b6444886d599cfb55f082550637e296a4bf19dd139f0de
SHA512

cde9b5a6a15ca7a11b44da9fbecdf5969a2a87cedd44e8b3db34a75f9814ea017495e98892c7654ffdae2999a7375e2985ae3afd12d4de256e83a0347d98e805
SSDEEP

24576:BsSNFmhun2DVFkrXNQ5ANizt1WOmUOcHLEJYptHHB7ECHa6fm/a2qs:mSPmRU4zOPUNLhnBICs

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

975fcbec5beed4d4b12ab37bf166416e.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ