dcrat | 154a047540d3401fb123815cd6c5433bca0761c0064caae3acf02c0073471d05[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

154a047540d3401fb123815cd6c5433bca0761c0064caae3acf02c0073471d05.exe
Size

829KB
MD5

17642c8384eee7b5c1912c9e7abb87ef
SHA1

dd897085ab58092fb9137dd6d86689d5d0fb2016
SHA256

154a047540d3401fb123815cd6c5433bca0761c0064caae3acf02c0073471d05
SHA512

1691d1d6152640ccca1bdc5e1b5b08d550b7be1211f599b9f68fd5c406a300bceeaadd808eb20090ec4d523972c6fd3e29d59fac005f37130e85cff3560ccaef
SSDEEP

12288:eaoVtb+gqbqWJIitrvPh54EI41sdmH7dYkv5CA58:ejLb+gqbuitr3DB0mHymCC8

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
154a047540d3401fb123815cd6c5433bca0761c0064caae3acf02c0073471d05.exe

Files

154a047540d3401fb123815cd6c5433bca0761c0064caae3acf02c0073471d05.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 814KB - Virtual size: 814KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ