dcrat | bca5b1405e94d8389c9c22a1e7b4afc6 | Triage

Sharing

General

Target

bca5b1405e94d8389c9c22a1e7b4afc6
Size

1.3MB
MD5

bca5b1405e94d8389c9c22a1e7b4afc6
SHA1

b202670f899b73f41c9b6d882d6bb38b1c9d7371
SHA256

99537be947a99b144fb067b1533f8fde5cab1d424da7567e25b56e38e70f5ae3
SHA512

0453aff778863121bc42826ee241fb62a83d03412c3f6754b938c7a77cb9d1c5946d1790f1ffdc3ef5da6c1d53f026bf662dd49a877bb61ec7ff6750a88b6822
SSDEEP

24576:WYjPfTfmFwNY4Dood9W8CKZ7ZWgTWp6Cilqcv+4:DDmFwt1IyvWgTQp

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bca5b1405e94d8389c9c22a1e7b4afc6

Files

bca5b1405e94d8389c9c22a1e7b4afc6
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ