dcrat | 5bd955d8c4b32fa638ec425fa16120ae71ee3976399b5d03a4680ba834d74270

Sharing

Copy URL Twitter E-mail

General

Target

5bd955d8c4b32fa638ec425fa16120ae71ee3976399b5d03a4680ba834d74270
Size

4.0MB
MD5

56fc2e20d2b7fc93969033e1376374f8
SHA1

0b42bd2176e12354182f55e3950569a131c7b192
SHA256

5bd955d8c4b32fa638ec425fa16120ae71ee3976399b5d03a4680ba834d74270
SHA512

0968f80a9ce02efa5fba87748aa61950dff29270a1345a6c963e6832a2e0fafa389828263c3e703dc5843c6987cf115bddbb4cbd0ba6e05b5e7503863d691744
SSDEEP

98304:BDb49QiRaE6oM9CjJc/oZzA6thHaezlYWQh94/8V5nrsi5/t:B4inZFCjg6raQ+bC8rYet

Score

10^/10

rat themida dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

5bd955d8c4b32fa638ec425fa16120ae71ee3976399b5d03a4680ba834d74270
.exe windows:4 windows x86 arch:x86

Code Sign

52:38:2a:d2:0a:6c:2c:a8:41:6e:b6:5b:96:94:f1:eb
Certificate

Issuer

CN=MSI Pulse GL76 12UEK-088XRU Intel Core i5 12500H/ 3.3 GHz - 4.5 GHz/ 16384 Mb/ 17.3 Full HD 1920x1080/ 512 Gb SSD/ DVD nVidia GeForce RTX 3060 6144 DOS (9S7-17L314-088)

Not Before

13/04/2023, 09:44

Not After

14/04/2033, 09:44

Subject

CN=MSI Pulse GL76 12UEK-088XRU Intel Core i5 12500H/ 3.3 GHz - 4.5 GHz/ 16384 Mb/ 17.3 Full HD 1920x1080/ 512 Gb SSD/ DVD nVidia GeForce RTX 3060 6144 DOS (9S7-17L314-088)

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:ee:97:14:aa:f2:f9:e3:18:ab:e2:06:1e:35:d5:44:5b:64:58:1e:c1:94:0c:04:a2:95:46:fd:eb:1c:ab:02
Signer

Actual PE Digest

c5:ee:97:14:aa:f2:f9:e3:18:ab:e2:06:1e:35:d5:44:5b:64:58:1e:c1:94:0c:04:a2:95:46:fd:eb:1c:ab:02

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 851KB - Virtual size: 856KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

52:38:2a:d2:0a:6c:2c:a8:41:6e:b6:5b:96:94:f1:ebCertificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

c5:ee:97:14:aa:f2:f9:e3:18:ab:e2:06:1e:35:d5:44:5b:64:58:1e:c1:94:0c:04:a2:95:46:fd:eb:1c:ab:02Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 851KB - Virtual size: 856KB

.rsrc Size: 436KB - Virtual size: 436KB

.reloc Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.themida Size: 2.7MB - Virtual size: 2.7MB

52:38:2a:d2:0a:6c:2c:a8:41:6e:b6:5b:96:94:f1:eb
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

c5:ee:97:14:aa:f2:f9:e3:18:ab:e2:06:1e:35:d5:44:5b:64:58:1e:c1:94:0c:04:a2:95:46:fd:eb:1c:ab:02
Signer

.text
Size: 851KB - Virtual size: 856KB

.rsrc
Size: 436KB - Virtual size: 436KB

.reloc
Size: 512B - Virtual size: 12B

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: 2.7MB - Virtual size: 2.7MB