dcrat | 030582b15428c7552c10059da82808fd0115b9fa5b48362b61d457ed8b9fb012

General

Target

030582b15428c7552c10059da82808fd0115b9fa5b48362b61d457ed8b9fb012
Size

240KB
MD5

f209806598b6e028931897b121cea5fc
SHA1

d4c825e7d05170dfc62ebc3d5fbe473fd5078378
SHA256

030582b15428c7552c10059da82808fd0115b9fa5b48362b61d457ed8b9fb012
SHA512

fb8a62a104a675f36d44214b409130d7863bf07a1df48fbf5f6ad016d5137701797134a4d7596b28bc6efa53c4b22938b49426e00bccfbdcf0ecae7025395aba
SSDEEP

6144:mJEej9ULGX4/7clczVDqpRoSWbcZt2+uHZRTAa:mLB+TzclczVDxnJ5R0a

Score

10^/10

rat dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/c1dcf7f5ba1bfb2c010b6241e11fbd045135faf65bab7c785d4e8c910e9d3fa6.exe	dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c1dcf7f5ba1bfb2c010b6241e11fbd045135faf65bab7c785d4e8c910e9d3fa6.exe

030582b15428c7552c10059da82808fd0115b9fa5b48362b61d457ed8b9fb012
.zip

Password: infected
c1dcf7f5ba1bfb2c010b6241e11fbd045135faf65bab7c785d4e8c910e9d3fa6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 537KB - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ