dcrat | 96eb0486f024f992bc3e81641d96d3d0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96eb0486f024f992bc3e81641d96d3d0.exe
Size

2.2MB
MD5

96eb0486f024f992bc3e81641d96d3d0
SHA1

466d4db6c6fbbb5d58b2e089b15b6e39c0363f8e
SHA256

15d2d7470da66ec434a6da91d444dbc3fc6ebc54b8b4a9d225685b04c7bc4fde
SHA512

0e38a580fa2378baca37b4260321b6db9c9bad7c66a4b34bb8967ed3113f44b5485ac5bf450ad1b973246b9064a5fa1051951f92cbe359a83f29969326e0c839
SSDEEP

49152:Bbz7noruNu06uhaPSKhsToOVc6YlGa4SwvPrn0Gtkjz/+f:BbforB0UsoOVileSwvPrnLkjz/+

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96eb0486f024f992bc3e81641d96d3d0.exe

Files

96eb0486f024f992bc3e81641d96d3d0.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ