General

  • Target

    svhost.exe

  • Size

    1.2MB

  • MD5

    754dceb944cf505a0957e70370a972ef

  • SHA1

    c16e4782f0f2f868deff74d4bc76b528162f1fcc

  • SHA256

    2a9851860e7d245eadc3004f986afc3cec8c7bf2fc967fdfbca1e0a96b864efa

  • SHA512

    ad1ace193fdc6ba8dba7c11dacc9afc5420efd7dc45a0994bec8d12952e806488b3156b8ec346e6f13b7f66e9b0890e65791eecb1ed574383ca73ed5ab2a4568

  • SSDEEP

    12288:3F81ciMbLepD06qWmVoos41xTTnKYli3CaKyA/Ds5iE1kxuZcsWBYQ/7o+No9eLd:uciMa06q2YpE2yA/DFPxuBWBZCA

Score
10/10

Signatures

  • DCRat payload 1 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Dcrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • svhost.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

