dcrat | 355e69fa5061210c08b84c76af491e60_NEAS | Triage

Sharing

Copy URL Twitter E-mail

General

Target

355e69fa5061210c08b84c76af491e60_NEAS
Size

2.7MB
MD5

355e69fa5061210c08b84c76af491e60
SHA1

6c696b46bb5391268705c91a670ba3442c2e63ed
SHA256

2ca21048c472cd647e24a11a20a2ca0f95e1395d4fa9d60fa7eefc190dfb00be
SHA512

66490ee0245a2c2f8251c41e43d98b699946fd0dbc442d5b9abca24e171faac98d4461e04dc41591feaf6bbcb39d63c4c114b090378a7136c5aa96a1c0f5c004
SSDEEP

49152:yH64y2XDuLlIY14o9/yDzr1xJ8XbRrC9mWvR08Yv7yP3GcY:yHfE5Ad8Xd295UmGc

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
355e69fa5061210c08b84c76af491e60_NEAS

Files

355e69fa5061210c08b84c76af491e60_NEAS
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ