dcrat | c76615b8f581aaaf477d84be98e8ea7c_JaffaCakes118 | Triage

Sharing

General

Target

c76615b8f581aaaf477d84be98e8ea7c_JaffaCakes118
Size

1.1MB
MD5

c76615b8f581aaaf477d84be98e8ea7c
SHA1

b5c19a63af315762dee75232fc29862255ef87a9
SHA256

22d63d9860fa09c5f5c6a6900aee81a8f0bdaf0647892d300d949c7116ebc354
SHA512

2d159441ca886fbb35e1a1c6acb6203c5efe4944759d87e157f7507967eb1b1f0a0fb14fd27c280f45c1a715212aa7c5fc9e87606ec9420efbf5b3510a92dc2c
SSDEEP

24576:foVOdgE22Jlx52AdzNYBO7X6zOTYqVJ7dmnhRVxOWF0+4:1gqx5rgO790e8Dn

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c76615b8f581aaaf477d84be98e8ea7c_JaffaCakes118

Files

c76615b8f581aaaf477d84be98e8ea7c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ