dcrat | 2cc2927e40949d03a20f49a08b8ed197a885cb7b40b49b0f200faa825c6dc350N | Triage

Sharing

General

Target

2cc2927e40949d03a20f49a08b8ed197a885cb7b40b49b0f200faa825c6dc350N
Size

1.7MB
MD5

1dceb6b1e3dfd0394b0c54a183608890
SHA1

4cd2ef846db28bfabf443bb67292d250fb4fcfb1
SHA256

2cc2927e40949d03a20f49a08b8ed197a885cb7b40b49b0f200faa825c6dc350
SHA512

4f0a297e77d6b0e39dfb6478d08067ea801481c5e2103e06ad4b828452ab9f20714837e41119dcb451ae058c1eb1322a3f6f6bbe2d2e23a16f2467bb586a676c
SSDEEP

49152:D+gYXZTD1VXUqzX7VwjvMoh1IFyuyigWnMzm6sDBKv:uTHUxUoh1IF9gl2

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cc2927e40949d03a20f49a08b8ed197a885cb7b40b49b0f200faa825c6dc350N

Files

2cc2927e40949d03a20f49a08b8ed197a885cb7b40b49b0f200faa825c6dc350N
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ