dcrat | 884d0af57779c777784beb1ea4580270 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

884d0af57779c777784beb1ea4580270
Size

3.3MB
MD5

884d0af57779c777784beb1ea4580270
SHA1

9108c9228b199c5cd109786c06a9a0f76b0284ea
SHA256

4a8b17f3b86ebc2cc063c94e0a869a4f2b002f301b7efd0de1641c61e35f66b3
SHA512

fb52713dab03a54645f7d5d873cd96e1eb4bfdb2ee7fe561553bc50f4aa2221b65873141d4f33d0773914ec95b8917da901258293d45e9bcc4858a5f3af9b4ca
SSDEEP

49152:4zFtnTuoV82DtcYCxFyfgtdhzC+k388XGy3Xc8vS3NrwG4Zr846sn2NIfj:UFtnTsapCOItGXF8bNsG4Ugj

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
884d0af57779c777784beb1ea4580270

Files

884d0af57779c777784beb1ea4580270
.exe windows:5 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 130KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ttlufylk
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dyohvhwo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE