dcrat | e90217b02b3891a4ee8bc032f3fabc480dfec21ecd133d13d1847ef95bb61863

General

Target

e90217b02b3891a4ee8bc032f3fabc480dfec21ecd133d13d1847ef95bb61863
Size

415KB
MD5

53f2b09889b6867b18f0c55ae28f0122
SHA1

c6f26279b0470374ce72a247dc67359085a8cbd8
SHA256

e90217b02b3891a4ee8bc032f3fabc480dfec21ecd133d13d1847ef95bb61863
SHA512

9d5cc3e3eb1c2be84e9eb771d294592c4c35530aac9664a4828b1f794d95f0e78fd1d9d705ecb7b9d4863863be1bfa1fe2b5f73d8a4b83d8025912e6f59e17b6
SSDEEP

6144:34bbK4acKIT5rbaSxUiQfBtdBYthcht8MfgOllBlfdUA6xOiNOHYavhbZAk4PR:3gm41KQ5Ha4ytdBhLBLAOn4ShVD+

Score

10^/10

rat dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f.exe	dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f.exe

e90217b02b3891a4ee8bc032f3fabc480dfec21ecd133d13d1847ef95bb61863
.zip

Password: infected
57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 813KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ