dcrat | 62880b71cf78e1436174af53c4f0ed73617329241016ccc2db5a8ce7885f1bf8

General

Target

62880b71cf78e1436174af53c4f0ed73617329241016ccc2db5a8ce7885f1bf8
Size

415KB
MD5

295b8cbdcb9c0cbb3f3064a61c529f19
SHA1

afc8774fe961aaeeaa532f2887687bb1d81f036e
SHA256

62880b71cf78e1436174af53c4f0ed73617329241016ccc2db5a8ce7885f1bf8
SHA512

0154990319dbac7e7830c2734be569f0088170f85f2b9d386586c7bd15326ed62ab9d82b2c1da52bc8989d1c238f9f0f0b1fd24ea66bdc2fb20ee031c43002a6
SSDEEP

12288:jM4QlipGywXmPBa1hzxF87SJ+Kcepos/oT5Y:jFv0oBaBFKSJ+Ze6swT5Y

Score

10^/10

rat dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/b456ef867ac67bfc770d662c7a427e1ac452d54fcd1b688c22fb8856a521197a.exe	dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b456ef867ac67bfc770d662c7a427e1ac452d54fcd1b688c22fb8856a521197a.exe

62880b71cf78e1436174af53c4f0ed73617329241016ccc2db5a8ce7885f1bf8
.zip

Password: infected
b456ef867ac67bfc770d662c7a427e1ac452d54fcd1b688c22fb8856a521197a.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 813KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ