C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\DcRat.pdb
Behavioral task
behavioral1
Sample
c73b1ffa39c5843b2ed951ac48350d1deb33db4057341f1dab1ee64ea1a62248.exe
Resource
win7-20240903-en
General
Target: JaffaCakes118_e3ff20a111a514abf50b6b603ef24e17db7a0fc1c38912c58823868aec9829b5
Size: 4.7MB
MD5: 046b8dc12ef24c7b8d593d6bc022a476
SHA1: 38b16b84706767b9825eafd0b1b27b00698ba739
SHA256: e3ff20a111a514abf50b6b603ef24e17db7a0fc1c38912c58823868aec9829b5
SHA512: ebc2322202b7c74314b3980febad5fb61d51bcbb0b1aa2234a6887fe8ab08d83a5f0413c3dba9ce04adcf32e1054966aa287bec6db9b8cf36bd0e9ff26a8512c
SSDEEP: 98304:tBtGZoZWqcq+ew2/W6w6F+75eIE/GuW2OIY+QIWR7P:trCkWN7e5/VF+AV+8y7P
Malware Config
Signatures
Asyncrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/c73b1ffa39c5843b2ed951ac48350d1deb33db4057341f1dab1ee64ea1a62248
Files
JaffaCakes118_e3ff20a111a514abf50b6b603ef24e17db7a0fc1c38912c58823868aec9829b5.zip
c73b1ffa39c5843b2ed951ac48350d1deb33db4057341f1dab1ee64ea1a62248.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 12.2MB - Virtual size: 12.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ