dcrat | c38955f79b23fe751718121fefcd7695[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c38955f79b23fe751718121fefcd7695.exe
Size

1007KB
MD5

c38955f79b23fe751718121fefcd7695
SHA1

59ae09cee276abee4803260a53a6f40e6a160f65
SHA256

6ae816ec46ae1900c7a334251d27c93c9b793ee77b521b5dfbb9b81c64d21c10
SHA512

3845c32fb5a4f252a848494a57a77a1b90ccd70a97a3c498d79b72d61f17c873860af0e2b3f7eb42aa19648b611c397ea715a0cea22885dd1400af3db00c2294
SSDEEP

12288:PWNE5JFhVAqY+irbNba3NnZ5SAdNXd+V+0q6pGYE3RWtiumL4enNwQi0Qaer+Vfh:PWNiSbNO3NZHDJdQvd3WMB9c9uY

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

c38955f79b23fe751718121fefcd7695.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1005KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ