dcrat | 9eb985698bcb63cf15b067ae57e1b75e5a47d91af9aac959fcc58a123b168024 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9eb985698bcb63cf15b067ae57e1b75e5a47d91af9aac959fcc58a123b168024
Size

2.9MB
MD5

84f38401f4d1657edbc6c50949354c11
SHA1

f1817b91cebb8446e6e4c6825a20b040aa98b656
SHA256

9eb985698bcb63cf15b067ae57e1b75e5a47d91af9aac959fcc58a123b168024
SHA512

76d979d56a09badc87383191fe45da1e1faa9527a482e9317b712c3e2bfcf12fa463ddbbccd833d3ec1a542cb70b511a4ef2e6728dde8aa2cc70e667eb18a122
SSDEEP

49152:xxc8Gxf/flIiyczr9BgfMyO1XIvFnI9KXXQG+HBTwSMsEAZag5V/z:xxcT3l9nrfgHOKkKXAXBMmEy

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

9eb985698bcb63cf15b067ae57e1b75e5a47d91af9aac959fcc58a123b168024
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ