dcrat | c96194c7bf528b7c7ecf526ee3578041[.]exe | Triage

Sharing

General

Target

c96194c7bf528b7c7ecf526ee3578041.exe
Size

2.7MB
MD5

c96194c7bf528b7c7ecf526ee3578041
SHA1

0b082445d2c454387834413396c6c557ff52e2d2
SHA256

c3627f7a85532ddd721bc37ed3816ff0197641ff368ed20bd39c19aabeeb97db
SHA512

c74679eff4c233d38697510932021bd9090deb4a59802347fbe30ce79305423600b5706cc8db4fc2cb203041575dc19753770fdf114a54505593eb7873c442af
SSDEEP

49152:3jgByCva+AtOYESlRp3bBKelCRxlOiOYl74sYe4IDhUdK7oIgSOrREmUGs:4q0SlRBdJ2xQO7t4IDhF7oInixU

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c96194c7bf528b7c7ecf526ee3578041.exe

Files

c96194c7bf528b7c7ecf526ee3578041.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ