dcrat | 1a1c9374d843cc49c203ba9b72883cae[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a1c9374d843cc49c203ba9b72883cae.exe
Size

1.3MB
MD5

1a1c9374d843cc49c203ba9b72883cae
SHA1

0c2c19e3dcc4e4f54366561830b1a0b2e1768314
SHA256

3d2e5fca23c3e04d3736fcf3428b93423ca3543c2ceee7e41aa0951b0efd54de
SHA512

9ccbc7f05efce2ac4450b6519aa404f90ab6100d8a762ee55dd618dc5cd42c3ae57ea21bcc2089b3cea66cd230bae2361a1bc98531b588c8c39a43217a93d06d
SSDEEP

24576:YauwrMM/wRk3oO+DQuKoJX0N1SMt7hfhyORWNb6Yyhvn+xG0lcC:Y9PyuD4XSO/PYyhvnmC

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

1a1c9374d843cc49c203ba9b72883cae.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ