dcrat | b29a9112614fd9614887f0cf2c9a617a[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b29a9112614fd9614887f0cf2c9a617a.exe
Size

3.3MB
MD5

b29a9112614fd9614887f0cf2c9a617a
SHA1

087f679ee937a7c15801c3a458c5880973a5e64f
SHA256

ade1f0171dbccfc77a16c9c7c374fbd6ca740e2b01b39464bee068003db5b52b
SHA512

b5391b2ba3d4a83016742e372cb10e117ec0d64108010aabcf678b2a213e66904b2ba85b087e0898935014bdea45386262a6ca2e8b56a73fb127999df2a9e20c
SSDEEP

49152:V628SxZ0OLwS9eqJunnlydiDKa/dHk7X9FLQaTssuO3d1LukP7XNYvC:Lxeg1ecunUdWijsa3Lja6

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b29a9112614fd9614887f0cf2c9a617a.exe

Files

b29a9112614fd9614887f0cf2c9a617a.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ