dcrat | 58a03f613b3fa590f593056c13b724043e065413ee85a3c4dd62ae1cbc9da497N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

58a03f613b3fa590f593056c13b724043e065413ee85a3c4dd62ae1cbc9da497N
Size

2.0MB
MD5

5cf3e97ed8c79a7f7aea977782a53880
SHA1

01d8404b00cee08f64c6be1303a6c86eba3cdbe9
SHA256

58a03f613b3fa590f593056c13b724043e065413ee85a3c4dd62ae1cbc9da497
SHA512

7a03847f69aabc1574c103b6d91871c58e833bada8d1b8b86affa49488af30e71f67330af74ca3c1d5ae7268e6bd2c1d480f70be3297be688b20e980fc0f6104
SSDEEP

49152:LpEYPUUpXKs7cnhyvc16K7bV9+UpbCpR2aAY:LpEYcOT7chwqB7bCpRJA

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58a03f613b3fa590f593056c13b724043e065413ee85a3c4dd62ae1cbc9da497N

Files

58a03f613b3fa590f593056c13b724043e065413ee85a3c4dd62ae1cbc9da497N
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ