dcrat | JaffaCakes118_2d6bfe5a2a7a1a866cb0ff402a4de264

General

Target

JaffaCakes118_2d6bfe5a2a7a1a866cb0ff402a4de264
Size

1.3MB
MD5

2d6bfe5a2a7a1a866cb0ff402a4de264
SHA1

03676cb1898f43c72cab1a7177481bc4c036119e
SHA256

5ec0358c56a266d3140b2a5574a47496b91d6c645f33f3c9aef51ce5cefd0a23
SHA512

c9cfac0f4241fd6c822066d65284391f85887816d7819b47a8643e4d538e5270a0e3bfb390c269ae4c146d5a448b3487abc7c67bd38abc4a16231ae92b024f37
SSDEEP

24576:5krQGqvixg+dP2eaLwkgDScUXQKbPCT7iESlQS+45:5XGigMLtQKw4SW

Score

10^/10

rat upx dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_2d6bfe5a2a7a1a866cb0ff402a4de264
unpack001/out.upx

Files

JaffaCakes118_2d6bfe5a2a7a1a866cb0ff402a4de264
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 460KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 138KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 460KB

UPX1 Size: 138KB - Virtual size: 140KB

.rsrc Size: 165KB - Virtual size: 168KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 196KB - Virtual size: 196KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 4KB - Virtual size: 141KB

.didat Size: 512B - Virtual size: 392B

.rsrc Size: 180KB - Virtual size: 180KB

.reloc Size: 9KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 460KB

UPX1
Size: 138KB - Virtual size: 140KB

.rsrc
Size: 165KB - Virtual size: 168KB

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 141KB

.didat
Size: 512B - Virtual size: 392B

.rsrc
Size: 180KB - Virtual size: 180KB

.reloc
Size: 9KB - Virtual size: 8KB