General

  • Target

    Yar.pif

  • Size

    1.1MB

  • MD5

    ff3751454ca1658a428b889e398d188f

  • SHA1

    104448a398139e9972431cbf78a584cc9119c304

  • SHA256

    e7786686b2b48fd0e29d9c18ffeebb816a75f4e5704170fb9858f7bb9e6d3ff1

  • SHA512

    0aed38bf2ccada7c32f49fe215de0e92c38f0139ffe6dbff55cc7b5c8efb478a9310674ba9bbcf575e16798f948573cb2c51ed1caab9fd11d387c6cfdc785826

  • SSDEEP

    12288:aRZ+IoG/n9IQxW3OBsee2X+t4RbvDUUKAIBaZd3xgruwn2oKPOileholldz8mU:U2G/nvxW3Ww0t7xKAIBaCryOike7dzdU

Score
10/10

Signatures

  • DCRat payload 1 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Dcrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Yar.pif
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1

