dcrat | 2d7c3928e7049865622a5d3773855892[.]exe | Triage

Sharing

General

Target

2d7c3928e7049865622a5d3773855892.exe
Size

1.4MB
MD5

2d7c3928e7049865622a5d3773855892
SHA1

a6f20074671b0264764d4924f7f989d76a5fa58e
SHA256

68c1b049ff16b9f0ddd0b43650c8190c952a7470617e130baf1c139dc38e860c
SHA512

26a8cd3dc48c4e274464d6c2489a94d9bc86615f29485c539a49dad4003548371c6b605b9338e3b8cb7ed75b00aed86eb9378a2394f6b3cef91a6510ef938f87
SSDEEP

24576:c6Ydp5bs0x6kZXiflwqlKMHew3Mq5yHX2cpqIP/:DYdcBkotJ0q50js

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d7c3928e7049865622a5d3773855892.exe

Files

2d7c3928e7049865622a5d3773855892.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ