dcrat | 95c8a2a9b99890e2398ab49937de11179c816b92ca6ab2ba269f1f8598675e27[.]exe | Triage

Sharing

General

Target

95c8a2a9b99890e2398ab49937de11179c816b92ca6ab2ba269f1f8598675e27.exe
Size

2.2MB
MD5

ba5102fee3b188bb6ac65068ec18d95d
SHA1

59a111a9ab515d690995496967de195eb23b097c
SHA256

95c8a2a9b99890e2398ab49937de11179c816b92ca6ab2ba269f1f8598675e27
SHA512

2dfe580f3e278431fef83d2c33c19e8af33ba958a7d6abc4cce571b202a64a06d7c54fda635b9b649d6bb6090ef0370063cf35cd5e6688dc435db6e6fe07cc37
SSDEEP

49152:ssSHlG56vO0T3/Nh/ptuw/C3TqGaDxr1NcWTMUvifC:sLlK6d3/Nh/bV/Oq3Dxp2RUGC

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95c8a2a9b99890e2398ab49937de11179c816b92ca6ab2ba269f1f8598675e27.exe

Files

95c8a2a9b99890e2398ab49937de11179c816b92ca6ab2ba269f1f8598675e27.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ