dcrat | 2ba2c61f71a95a2ae2124efb8854871b906211d0358b7a6a5625b8124e613ad9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ba2c61f71a95a2ae2124efb8854871b906211d0358b7a6a5625b8124e613ad9
Size

784KB
MD5

a8baf5072233b2dcef47b8f5d44bcba4
SHA1

af1346afa1f4f6a9e8f6d16f6c0e74e792193a3b
SHA256

2ba2c61f71a95a2ae2124efb8854871b906211d0358b7a6a5625b8124e613ad9
SHA512

c22ec5fa3b249b8534b5b285ab2bdc028fbdfbfd00df6a63383eceba8e349df8b8eb3315e2e9598ca2e8ab9d0842948ec9fb6f5409219d92eaee61eec4a16390
SSDEEP

12288:+qnO8YpD1oOJp+Ce1PSiG2jfIBoI5DyDwYMDxFesH0ioBw7oKk2:++ORToOWSi5gBoS4wYUJ0eo2

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

2ba2c61f71a95a2ae2124efb8854871b906211d0358b7a6a5625b8124e613ad9
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 782KB - Virtual size: 781KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ