dcrat | 326f6a67f8d1a79f74facf1d5fae06e3[.]exe | Triage

Sharing

General

Target

326f6a67f8d1a79f74facf1d5fae06e3.exe
Size

828KB
MD5

326f6a67f8d1a79f74facf1d5fae06e3
SHA1

6700386db5a55cb8aeec8cc9d379d74c5104b93f
SHA256

b84e5c856aa26d7a7a9720e00125d554c55a462ab64fc27b516c554ac067552c
SHA512

1788528a5ca06024e4c75bef3752a7087429bae43c7db93fdbd351d4e34aa2f447da5f124e62ac1bb2b73bb7e2175d3b5bd61c1fd51eced95ebe946656f8b3e2
SSDEEP

12288:SLkd3d2CsGdffrYmbRuWTVMJGi0ISdEAQfhapVg2LsTqwbMN:Sq2CtdfsmbRuWTybSWxinLsTqfN

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
326f6a67f8d1a79f74facf1d5fae06e3.exe

Files

326f6a67f8d1a79f74facf1d5fae06e3.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 814KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ