dcrat | ec582f81548b3b5f12398a1a1f0dd30649a496304afad8bae13f82ac0849a983

General

Target

ec582f81548b3b5f12398a1a1f0dd30649a496304afad8bae13f82ac0849a983
Size

451KB
MD5

a6091a02824b3c555758fd313502c90c
SHA1

772a5d71e88a992b7633620624d28e7d574d53fd
SHA256

ec582f81548b3b5f12398a1a1f0dd30649a496304afad8bae13f82ac0849a983
SHA512

5c3d7c02bed4fbe6b4ad08ed7f32faf8f7ad127ab482efa8e32b5d62da9be432e5bc12815ab49391467529788dc001338bf91439c1382811fc3b733178412c35
SSDEEP

12288:/r7o8rigMGSxLnvBuNPoyXd33giQJBmByY:fflMGSxL6Pj33gfBS

Score

10^/10

rat dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/621f8b48e6cd5586e3dfb5f83a24998de6903a73e6c818ad663b036f0de93250	dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/621f8b48e6cd5586e3dfb5f83a24998de6903a73e6c818ad663b036f0de93250

ec582f81548b3b5f12398a1a1f0dd30649a496304afad8bae13f82ac0849a983
.zip

Password: infected
621f8b48e6cd5586e3dfb5f83a24998de6903a73e6c818ad663b036f0de93250
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 888KB - Virtual size: 888KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ