dcrat | 1BF1C3C534F06F4A065A86781FB1CBE2[.]exe | Triage

Sharing

General

Target

1BF1C3C534F06F4A065A86781FB1CBE2.exe
Size

1.2MB
MD5

1bf1c3c534f06f4a065a86781fb1cbe2
SHA1

af2a14b5c20831e437509f2b9d4b3be2abaacf3d
SHA256

310d1c1dbab48d7859d151a039887c40da8f92fdf2e6d9be8e73fb3d9ef22e51
SHA512

a93ac77e4db5c312f4aa68449695cdbd82d795c3abcf818ead8544b424dd9a0e673f6bb8a9c7b233d0a6dc27c73286a8a1fe2391773071e7ad52bca668cac36b
SSDEEP

24576:4FxZRGiumPMIAMId+hmi15r4ktrMLljj8xsgJ3tUh:Exbuogdami1XMLljj8xsgFe

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1BF1C3C534F06F4A065A86781FB1CBE2.exe

Files

1BF1C3C534F06F4A065A86781FB1CBE2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ