dcrat | 25fac6b0d6075d63bbb1727f93a99bf3fc6ce9a298fde4a5e58944e21b4bc0a7[.]exe | Triage

Sharing

General

Target

25fac6b0d6075d63bbb1727f93a99bf3fc6ce9a298fde4a5e58944e21b4bc0a7.exe
Size

3.2MB
MD5

8c1a813f52ed5c9f746cc2baea9b421c
SHA1

923f06dd79705fe0957b6efa9b47f8a726e80b08
SHA256

25fac6b0d6075d63bbb1727f93a99bf3fc6ce9a298fde4a5e58944e21b4bc0a7
SHA512

b524b7766912011f5ff17bf8b7b4b96abed8a77b113a27eb4ef9ba2fa840946b5443e68204e1e2e45ed9a78c2c681ad12c5a1324bcafee63d297f8dfe8cddb57
SSDEEP

49152:oD+WhPI+P05YhHbpHP1qcdhymFKN/1cCLKtrp8qotx/8jwwpO5:k+WhPIq0iHPEA1W/19LGrBoP9wpO5

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25fac6b0d6075d63bbb1727f93a99bf3fc6ce9a298fde4a5e58944e21b4bc0a7.exe

Files

25fac6b0d6075d63bbb1727f93a99bf3fc6ce9a298fde4a5e58944e21b4bc0a7.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ