dcrat | b207e2d01da441bc6c8275dcfde829007335fcd2a9e6257b02c79c69b7da5369 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b207e2d01da441bc6c8275dcfde829007335fcd2a9e6257b02c79c69b7da5369
Size

817KB
MD5

82d4ceb01a15112ffcd56dfe88ee75fc
SHA1

533c26af54a4327572dd978cc2542e4bc5e53784
SHA256

b207e2d01da441bc6c8275dcfde829007335fcd2a9e6257b02c79c69b7da5369
SHA512

7684417efa117a82dc1739330fdb5e713192a04c8f85a1958b003cd88bee67caeb9bbc4db4a5a9c7adaea103f87f27feaf76e0a7986dd6067fb70dde3fab5fb1
SSDEEP

12288:UcX8chho6QTcXmTEPizJPi+3va4a/baMk0eBYddI55uAIPYhYCEy:UcX3hhUc2Q6YjgMkfBYWhfhYC9

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

b207e2d01da441bc6c8275dcfde829007335fcd2a9e6257b02c79c69b7da5369
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 815KB - Virtual size: 814KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ