dcrat | 20ba93789eb7001ba9e4842bcc69fe62[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20ba93789eb7001ba9e4842bcc69fe62.exe
Size

3.3MB
MD5

20ba93789eb7001ba9e4842bcc69fe62
SHA1

4f2de529f2094f978d35cfb040cbd6e7c6274f98
SHA256

5d78dc803d29fba00eb080a58f1d85c33dbf50834886337083269ca1b5f1c1db
SHA512

327f2a7900f9900a6fb6f86f46efb8936b0327142f8e7120cd9d3db7b87b762c2288971b48ffe8fd3ec2e751f492652fb87da8197becf9b30e59b3d9247934b1
SSDEEP

49152:5PVa2oTM2mNcc1txMW/ixmw5d2eca2FBXElIu1KGwuEZ1Lz+6:5P932cd1txhi55Ie72kIu1xw5z+

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20ba93789eb7001ba9e4842bcc69fe62.exe

Files

20ba93789eb7001ba9e4842bcc69fe62.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ