orcus | 617f94ce69b2d394429c842ae4bff0b3d2f556108f55ce05bf4e88db68198d45

Sharing

Copy URL Twitter E-mail

General

Target

617f94ce69b2d394429c842ae4bff0b3d2f556108f55ce05bf4e88db68198d45
Size

2.7MB
MD5

2f7df8706ec66f8e578c686ac45eb708
SHA1

8d8ea8bebb0ef8457429bfd08a70be3604ec0afa
SHA256

617f94ce69b2d394429c842ae4bff0b3d2f556108f55ce05bf4e88db68198d45
SHA512

8fd149d4d10e645292e7aea0405f530cd0ac316a6086d9a5cfa8f468cce5a149f898a124f63d9baf8e3e9aeb046462cd95cd567fa1c6cedfd2c85393ec65e37f
SSDEEP

49152:b6jMijNrZlI0AilFEvxHiFcl9/csqXF5fv2:Wjdcl9/c/XF5fO

Score

10^/10

orcus

Malware Config

Signatures

Orcurs Rat Executable 1 IoCs

resource	yara_rule
sample	orcus

Orcus family
orcus

Orcus main payload 1 IoCs

resource	yara_rule
sample	family_orcus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
617f94ce69b2d394429c842ae4bff0b3d2f556108f55ce05bf4e88db68198d45

Files

617f94ce69b2d394429c842ae4bff0b3d2f556108f55ce05bf4e88db68198d45
.dll windows:6 windows x86 arch:x86

f1a0156c334487feae165e2ad54ebb27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\runneradmin\Desktop\dc-crack-build-to-byte-dll-main\Release\rat to byte.pdb

Imports

kernel32

K32EnumDeviceDrivers
VirtualProtect
OutputDebugStringA
K32GetDeviceDriverBaseNameA
WaitForSingleObject
GetModuleHandleA
Sleep
SetEvent
GetCurrentThread
LoadLibraryA
CloseHandle
CreateThread
SwitchToThread
GetThreadContext
GetProcAddress
CreateEventA
IsDebuggerPresent
GetLastError
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx

user32

FindWindowA
GetRawInputDeviceInfoW
GetRawInputDeviceList

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z

vcruntime140

__current_exception
__std_exception_copy
_CxxThrowException
memset
__std_type_info_destroy_list
_except_handler4_common
__std_terminate
__std_exception_destroy
__CxxFrameHandler3
__current_exception_context
memmove
memcpy

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_register_onexit_function
_crt_atexit
_configure_narrow_argv
_seh_filter_dll
terminate
_cexit
_initterm
_invalid_parameter_noinfo_noreturn
_initterm_e
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 915KB - Virtual size: 915KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f1a0156c334487feae165e2ad54ebb27

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 915KB - Virtual size: 915KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 1.8MB - Virtual size: 1.8MB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 915KB - Virtual size: 915KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 1.8MB - Virtual size: 1.8MB