dcrat | D0CD2568BF153709F5ED4491BD8534AB[.]exe | Triage

Sharing

General

Target

D0CD2568BF153709F5ED4491BD8534AB.exe
Size

826KB
MD5

d0cd2568bf153709f5ed4491bd8534ab
SHA1

070e2b33bd4e51417eb1ac74301f25afb35d7ec2
SHA256

4d77c973871f6870b7adb2703dcfa7d1941d12aaf6ad761f0d7cdd94092db798
SHA512

0ea13e0dff1c362eeb02f75ebef502a3605f5c381082f05548dfd0213cdc78aa90757876f9bae5348255794645a99eb83a0c72fb27e64d4b1c02d9d0cc1c6b98
SSDEEP

12288:82NE1Iv7VIWfLEcNif4F4aJHIi4ENQj0SeyZIZOJ59bsAzeA7:e1aV9fLofI4aVNYGZ059bNyI

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
D0CD2568BF153709F5ED4491BD8534AB.exe

Files

D0CD2568BF153709F5ED4491BD8534AB.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 812KB - Virtual size: 811KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ