dcrat | a607a7ee35ffe0cf408f2d255b6adeda[.]exe | Triage

Sharing

General

Target

a607a7ee35ffe0cf408f2d255b6adeda.exe
Size

1.1MB
MD5

a607a7ee35ffe0cf408f2d255b6adeda
SHA1

0ba9574eba34a8db8fe8f99497b8e895c237f7d8
SHA256

c8fb375ee835d718902d31f7b5b0aac712f48a38b0dffb49eedbfc020268d74d
SHA512

f21e67de096599231905b9813a0b3843d6ab9ca7301bf1360b9b3db44ce698d01ddef85d4de870c2a125c335ac57de6083aea686aeb287cb2effa75952e7a0c5
SSDEEP

24576:6u3FsFhnmHEqiKd7udDkZWwP5Nf4JKcjSL7i:j3sm6kZW0H4oMSH

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a607a7ee35ffe0cf408f2d255b6adeda.exe

Files

a607a7ee35ffe0cf408f2d255b6adeda.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ