dcrat | 7a1a3397249836cac73c5f104211fb6cbb2317c830c148a65acb709210aadd2e[.]exe | Triage

Sharing

General

Target

7a1a3397249836cac73c5f104211fb6cbb2317c830c148a65acb709210aadd2e.exe
Size

827KB
MD5

759b333fd8d1eedb5666fdea1da25b25
SHA1

b66fc861196561f793062622b88cdb1065e35459
SHA256

7a1a3397249836cac73c5f104211fb6cbb2317c830c148a65acb709210aadd2e
SHA512

831006157773f5a30dbf07dcbfd484f49a978c077f8e132d33c8e044f8141462bb890c344724b23c3144488c1c406d576b7009c1205772a503ce6cc92692aec3
SSDEEP

12288:M+B2ad7F/Jf2xm1/nNfkOV+0Z3+5DlpAXdet4y5+q:gad7PuxmRn60Zu7xtZp

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a1a3397249836cac73c5f104211fb6cbb2317c830c148a65acb709210aadd2e.exe

Files

7a1a3397249836cac73c5f104211fb6cbb2317c830c148a65acb709210aadd2e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 813KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ