dcrat | 57f5e41e69b652cb1804c361e6ac5cbdabf51b3296e5e64ed03fe40d343b9ee9

General

Target

57f5e41e69b652cb1804c361e6ac5cbdabf51b3296e5e64ed03fe40d343b9ee9
Size

415KB
MD5

bbddefeb5e8369ba331f3c063295ed16
SHA1

8f6ffe77bfc84a8761bc133f75c68096e3b64d21
SHA256

57f5e41e69b652cb1804c361e6ac5cbdabf51b3296e5e64ed03fe40d343b9ee9
SHA512

b628f31743c26e4a55bb6dc309806f28a6022d58b2deb327fc01edcfbec0bc8e6f018a36afb276e7a4dac6107088380d5cc6bf1bd51de88b98e7558f7c27fc65
SSDEEP

6144:zrZ9bIvXB4+y9OvQLM7/kMoOedlTvlNS7FJadT8H/QvMoo+RBYr70y/OhWBb2YFq:zcXBvy9OD5evlNMrjwBk7dmhJY4

Score

10^/10

rat dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f.exe	dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f.exe

57f5e41e69b652cb1804c361e6ac5cbdabf51b3296e5e64ed03fe40d343b9ee9
.zip

Password: infected
57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 813KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ