dcrat | 6fe3e7b8886862e6c2e9ea8684396da80e57ca2c1f85026e7edc0ae6cef80c35[.]zip

General

Target

6fe3e7b8886862e6c2e9ea8684396da80e57ca2c1f85026e7edc0ae6cef80c35.zip
Size

589KB
MD5

ab565ee7539f9071ebe4615c3ef33b1f
SHA1

b1baef61cd53ac95d0c4c5e79b2f86e32ccf5132
SHA256

f2c2302ed2ba7cdb82d8d8f5f22fd07a1882f7a9fbf94a123441fba7546023c2
SHA512

6c2b6e26d50f0c4a9fbdd1bde5872c7084bd8b4b38aeb33144d8834dd6cc374d7f530dba1112aa8c6c22c06afa3ca5a40b2ef13a369ff9a7a339a6f1a4a2436a
SSDEEP

12288:AbDrCTQD+OmiDRNe4QD6Y32za9AYglhK7LeGCj5kQB9X8R5fWTrmyy18oZxL:A/oa+OmiPvY36Egl3kQB3my8d3

Score

10^/10

rat dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/6fe3e7b8886862e6c2e9ea8684396da80e57ca2c1f85026e7edc0ae6cef80c35.exe	dcrat

6fe3e7b8886862e6c2e9ea8684396da80e57ca2c1f85026e7edc0ae6cef80c35.zip
.zip

Password: infected
6fe3e7b8886862e6c2e9ea8684396da80e57ca2c1f85026e7edc0ae6cef80c35.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 987KB - Virtual size: 987KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ