dcrat | 087de4545bd2e1a5c41f5b4bef89ecd5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

087de4545bd2e1a5c41f5b4bef89ecd5_JaffaCakes118
Size

993KB
MD5

087de4545bd2e1a5c41f5b4bef89ecd5
SHA1

80e28270c875394405c3a3bd3a425658fe67743e
SHA256

3ef4087e1d861d938bfece79099fcb9d603cc350c39a2968dd14ee93bfe6cd64
SHA512

37238154d0b4050534efa066905c7f77955fb786868da87af29e295ab939a04c3d300cff94a9b09635d95d54548fe7920fbf2e74e9690695080046431a83963e
SSDEEP

24576:pgNuGCr9gfsH+xbxAWE70PsN//OLvMD+4:yuGaEsH+xty7XN3OLvt

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
087de4545bd2e1a5c41f5b4bef89ecd5_JaffaCakes118

Files

087de4545bd2e1a5c41f5b4bef89ecd5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 970KB - Virtual size: 969KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ