dcrat | 13ad37d1bff6815b5a5b930c9852d83d[.]exe | Triage

Sharing

General

Target

13ad37d1bff6815b5a5b930c9852d83d.exe
Size

256KB
MD5

d159f8e209dfca4343559620aaa1e272
SHA1

ceed9f6344502e68b9179f390322f603638e7061
SHA256

0bad685fb5116bbec13fc5a38ca486d5bbb269cbce199c8506de2d3ae7008375
SHA512

4d77b23e96177f98ca2b3c6a42aa1265fbceaeab6426bdec490da720daf6253f45d55130dbe08fef11f0260dbc9db7c6750069e415cee14fcf9b2cb891de00c2
SSDEEP

3072:9QBJtuF3LJ9KdgLpdW3Aq+lTO4WuZQ+er:2tS3KdgTW3Ae4nZ1er

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

13ad37d1bff6815b5a5b930c9852d83d.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ