dcrat | 9e1a6bb098ebe80fbb5115045ba06ec0a83116487585fdcf7ddf5a333048e501 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9e1a6bb098ebe80fbb5115045ba06ec0a83116487585fdcf7ddf5a333048e501
Size

1.3MB
MD5

7c5b6af91ed263f23e6c643715954e5c
SHA1

dd8c90df0f1ee467e9160d6795744805d49e01db
SHA256

9e1a6bb098ebe80fbb5115045ba06ec0a83116487585fdcf7ddf5a333048e501
SHA512

8b9fd4eea2e82694ebd9bc7a0d2db49f16d6b8560abeb613791a4d01917b42bf7f7a8d59b00a154467d957319bfe3e6db6c616abdc1c9e6167a8b700c6b11f42
SSDEEP

24576:HiekYq02Vr1nHRMJcnzD+sbAZvfSU3WqnVTnjgWmVIV3RHRP+Hiwm:HJkYqRSqAzTnVfgWmct+Hi

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e1a6bb098ebe80fbb5115045ba06ec0a83116487585fdcf7ddf5a333048e501

Files

9e1a6bb098ebe80fbb5115045ba06ec0a83116487585fdcf7ddf5a333048e501
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ