dcrat | e041951b9084d03b1685ed2fdea5587258b721c0c57940fea6167656bf2c69f7[.]exe | Triage

Sharing

General

Target

e041951b9084d03b1685ed2fdea5587258b721c0c57940fea6167656bf2c69f7.exe
Size

2.0MB
MD5

182fd62fdf57aaf29a889c1b65c65a2d
SHA1

bf4a705fb1a061590a50d4ce9e059c24c00b7a96
SHA256

e041951b9084d03b1685ed2fdea5587258b721c0c57940fea6167656bf2c69f7
SHA512

560028e45bb43279fb12e214683c021ca5e83d2f07419a9f68806a9dac47bc187cc62f3fdf82a53e1ec3724a2cd06be04759efec57a41895e50d061304fb4a37
SSDEEP

49152:dndSiKG7Idc6Rm8sDJMSgkdEiVTpnjyv:dhURm8vSFVov

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
rat

Processes:

resource yara_rule

sample dcrat
Dcrat family
dcrat

Files

e041951b9084d03b1685ed2fdea5587258b721c0c57940fea6167656bf2c69f7.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ