dcrat | 268d50436be43e7f6b465189e3934f7d[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

268d50436be43e7f6b465189e3934f7d.exe
Size

829KB
MD5

268d50436be43e7f6b465189e3934f7d
SHA1

7449c431f918d05e099aa08b7e060a27ac5d4b33
SHA256

e8885f4d1c45781910793b55d8ad7e60eb55e2f8db38ed1a6c4194bc87cbf6cb
SHA512

495fa07a2a2e07c63a4a6fe2caa7c97f3d6f4b42eca6477ae67d4103e94dc4877c97dc23f21792b1be9418415701c52f9153ebe84082c6ed9b5aa2d2174dbe4b
SSDEEP

12288:OqqS4bvDba0XqckNPfTugaRUSJ3uGRx77LA43bB5vvemZfE1dfm6+oe3:3qS4bvpkNPfT5653j7L9L7GmZYu6R+

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
268d50436be43e7f6b465189e3934f7d.exe

Files

268d50436be43e7f6b465189e3934f7d.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 814KB - Virtual size: 814KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ