dcrat | HEUR-Backdoor[.]MSIL[.]LightStone[.]gen-81f41d482bf[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Backdoor.MSIL.LightStone.gen-81f41d482bf.exe
Size

603KB
MD5

67fcec7b7810e554d7b211e848c36922
SHA1

f0a51177f5261c01e975d6654bf0638bf4fbf2de
SHA256

81f41d482bf4095fdb19e769bd7284412258e89e9c5ed1fe9363ebe17dbcd803
SHA512

5b647ca442db82cb5115abed27d6fd836fd17cc387052f195b6e11d25af679742b2e2a9be40d0a1c751f3c9e1e0b61ff066139f03ada8a73ff83050e6171bcc4
SSDEEP

12288:TqnOLxNtOFUn9LyBLLVpYkFtFDK/QJ8SCKE4fI7Vd2JDxo/Jy:T+OL9+rSkbN8gUda

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

HEUR-Backdoor.MSIL.LightStone.gen-81f41d482bf.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 601KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ