dcrat | 3fd7bf5bdabcf6b20768b350bbd10bb2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3fd7bf5bdabcf6b20768b350bbd10bb2.exe
Size

3.4MB
MD5

3fd7bf5bdabcf6b20768b350bbd10bb2
SHA1

3d4b1b67092b5ca0df36cdf703a515f8b0333ad1
SHA256

05305ca0ea5b5882c399450974bed845fdc6560a0c5c6a7dfe14daf00f6e9385
SHA512

435ec3889ea4dcc6022eb3ccb9adb15440be07e13226361150d622a1c475764a6cbc8271f5e0dd1b4e1c752442a6b0dd93c192247674e3dbf7f3a3f8c192c9fd
SSDEEP

49152:9KhzR9pXYH0nl/c18HxTfH7sfZ1LtiwjDG8JCOZrt7QuQuph8:9KVP//c18RE7Y0BiuJpq

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fd7bf5bdabcf6b20768b350bbd10bb2.exe

Files

3fd7bf5bdabcf6b20768b350bbd10bb2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ