dcrat | installer[.]exe | Triage

Sharing

General

Target

installer.exe
Size

7.8MB
MD5

f3d4a56f1ec903519f4c37129423bd73
SHA1

72f0835888eea6e63e142d208b3997a708d7331b
SHA256

eb346407fcdb18f374cd2c9e309f8d8e986e8679d370c1f530723d0a0c8c3579
SHA512

1847df8f65d254a270722bf968b5e14230c3b9cb13b8bd0886aadb7c1da11d8ad43f56483be634b5010919843bbf4997cf5ada31a6a3e81671e173b0994630ac
SSDEEP

98304:5N8TuGLcT86GaEk4xK+NAwmRtaud0bJzREdt5D5MInOdl7QN:A4crE5Gud0lkoxc

Score

10^/10

rat dcrat 44caliber

Malware Config

Signatures

44caliber family
44caliber

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

Processes:

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
installer.exe

Files

installer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ