dcrat | 488291ee16052448a88ff5f4b4ff7472[.]exe | Triage

Sharing

General

Target

488291ee16052448a88ff5f4b4ff7472.exe
Size

828KB
MD5

488291ee16052448a88ff5f4b4ff7472
SHA1

b7f7a100fd8f36501de1fec9f277aa7f73918c15
SHA256

59587a702b395acaad29b4cd695d7c236ef19dba0375ad16010e7a170dc90929
SHA512

050af158ba434d95cc4e520675c1fc9c9079103ae9af853615044aa2df8d0f8990fc0da095fe7334c82897d3a303cc386298e9133479bd6a39bebb1245d28108
SSDEEP

12288:u9V+q0VaZWcItdHp6yY9gNmNpsrx5fpgEYjqnK9cG:gXeaZWrHp6wcYFbZYeKt

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
488291ee16052448a88ff5f4b4ff7472.exe

Files

488291ee16052448a88ff5f4b4ff7472.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 814KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ