dcrat | 1e4770bb9dd685fb9912e5763b0fc8bc[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1e4770bb9dd685fb9912e5763b0fc8bc.exe
Size

1.7MB
MD5

1e4770bb9dd685fb9912e5763b0fc8bc
SHA1

2fc731c2f73128b6fd349e7b77f94af2b6c3726f
SHA256

e1950e8d21eae033245046e36a693af64406203588ab7a7c16a6e5b2c259ba82
SHA512

69752bc02c67c6e5b69645930edd822570b1ed9e688dd97b45e3ea28c23f2b3ccb47dbe491de5e6d600a01a1d5b590ec2fa87576cbc6ccd4908ce09dace4424b
SSDEEP

24576:t3QwuLyEbVoCtPreIjNLoN/VNGeSQDx1m17zezKOkCzeJGFUJ:tgwuuEpdDLNwVMeXDL0fdSzAG

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

1e4770bb9dd685fb9912e5763b0fc8bc.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ