dcrat | 638809035DD3FAFC1377FFD71F4A5296[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

638809035DD3FAFC1377FFD71F4A5296.exe
Size

3.4MB
MD5

638809035dd3fafc1377ffd71f4a5296
SHA1

1a5920fc6fcb463288bc07023ad5840ebbca4b11
SHA256

1dd3edb673a05c19521b785935f8e803ec5f3104883db80f1a671182e23c4274
SHA512

3ddd44ead391ab72c5fe9476608a1c908f983ff6dacb499b27e21bb638d1da88951335262562ede806100cb83d72283bf6446e02a422e3a06b567e7406dbc896
SSDEEP

98304:uTbZZD8r18Vx4IuzrIXltEDjm/PtLORlm0:W3DY2/IgjEu4Q

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
638809035DD3FAFC1377FFD71F4A5296.exe

Files

638809035DD3FAFC1377FFD71F4A5296.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ