dcrat | 4549bd42938895f7902bc120eaa845c9[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4549bd42938895f7902bc120eaa845c9.exe
Size

1.8MB
MD5

4549bd42938895f7902bc120eaa845c9
SHA1

3c95537f71f0f773612c213fe004a6f04bd71178
SHA256

e8207821df995e8c93fd06f94466476eb62ceb9f5dc6430ee02e86711a47e3c7
SHA512

b84c18a72e75b1c1bbe10e6932619f7e5081b515132aef54cffce1cdf7c6ee55f828b8e2509d94b087a21eaa872f7a2f13a43ca49a6e95f1dd8d2b5fdced02b5
SSDEEP

49152:QodoalH3Fh0dZXAZPabJ10r+vJqB1zRIm:Qod93fQwFkhO2

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

4549bd42938895f7902bc120eaa845c9.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ