dcrat | 0D341AB3CB6899F5F051B10AAEAD1EDA[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0D341AB3CB6899F5F051B10AAEAD1EDA.exe
Size

3.0MB
MD5

0d341ab3cb6899f5f051b10aaead1eda
SHA1

846da424dade0c2f79afe17fa1d8aa2a431d85e0
SHA256

43824e5c1db3c8dfcc071806b4df30ac44467d2a9ef29c0346c528d21f88c96c
SHA512

0a5578ae1674341953049d9e58f0f71212241583e2025325843832a3b9c5e4d9f822b0167142749226f417547ce8f4e233a6ae4f139c60a856b1deebd97f4486
SSDEEP

98304:PM0woQggbNhWxU68v4Xi3yAbFwHTE9J/i:N0gOWfackHbFJH

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0D341AB3CB6899F5F051B10AAEAD1EDA.exe

Files

0D341AB3CB6899F5F051B10AAEAD1EDA.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ