dcrat | 411b5d34c6d956ff1a2a50b67b08522203ae522d4d6407857699c1777cfdd105[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

411b5d34c6d956ff1a2a50b67b08522203ae522d4d6407857699c1777cfdd105.exe
Size

828KB
MD5

88a242514e271e9f2befa0dac849aa00
SHA1

73dc1d076410f8762cdc806f718dff500febb22b
SHA256

411b5d34c6d956ff1a2a50b67b08522203ae522d4d6407857699c1777cfdd105
SHA512

762a191730b9439eb3a7c4fcb06942a6a9324dadc74f7b29ab93faa127e849c0f60ac741048cfaed2f90250a00766ec845f2d36aaa9f38a6f1b6e3782daaf8e8
SSDEEP

12288:w8CB/Cj5EqGVplzXaQICqpPOJrqF30fRbEsWuVIc6USQAwnfWs:qB25Eq2zqQICoGPQduecj/XfWs

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
411b5d34c6d956ff1a2a50b67b08522203ae522d4d6407857699c1777cfdd105.exe

Files

411b5d34c6d956ff1a2a50b67b08522203ae522d4d6407857699c1777cfdd105.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 813KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ