orcus | a65588611bea2e11e8b7a783586d45ed_JaffaCakes118 | Triage

Sharing

General

Target

a65588611bea2e11e8b7a783586d45ed_JaffaCakes118
Size

1.3MB
MD5

a65588611bea2e11e8b7a783586d45ed
SHA1

70df9e0bb904ec5cacd4ccc54950d3029ab322c9
SHA256

2cf884671b814b3a278eca91e8feb1e9b9b42889c6324995178d7c4df38de49a
SHA512

123a09a6f84d7a550bd9cfc61492ca8182e80fb2b0c12b476fbd742d14ba124916b1411095e24d7fb5b74073495a331fb84995d3484d29263d764aaac42979d8
SSDEEP

24576:jyI4MROxnFt3v9MQvrZlI0AilFEvxHidsRN+Sr5P8WmA2TzKsv+6k2C:jyrMijm0rZlI0AilFEvxHi2Fr5WycC

Score

10^/10

orcus

Malware Config

Signatures

Orcurs Rat Executable 1 IoCs

resource	yara_rule
sample	orcus

Orcus family
orcus

Orcus main payload 1 IoCs

resource	yara_rule
sample	family_orcus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a65588611bea2e11e8b7a783586d45ed_JaffaCakes118

Files

a65588611bea2e11e8b7a783586d45ed_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 918KB - Virtual size: 918KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.enigma1
Size: 120KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE