orcus | 16c9ee1c6e4365597e336c8ffeb38d7d_JaffaCakes118 | Triage

Sharing

General

Target

16c9ee1c6e4365597e336c8ffeb38d7d_JaffaCakes118
Size

3.2MB
MD5

16c9ee1c6e4365597e336c8ffeb38d7d
SHA1

3869555724d34963f5406454170d2f059cc670fe
SHA256

44122740f455f22cc366cccc81af7be5e78d1759700eafff6d3f9ba20b70c908
SHA512

40c265daafd6b833e63a47d3fcf237babcda842b411e108611d5efda565f4d28877cbda1a594309694203276fe1f94899e1ef4a516f71c1ef2d38e59e51be6cf
SSDEEP

49152:aKMib8rrcI0AilFEvxHPvmYCk3CZC8Z6uIvOz6:aKqmRkSZC8ZgJ

Score

10^/10

orcus

Malware Config

Signatures

Orcurs Rat Executable 1 IoCs

resource	yara_rule
sample	orcus

Orcus family
orcus

Orcus main payload 1 IoCs

resource	yara_rule
sample	family_orcus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16c9ee1c6e4365597e336c8ffeb38d7d_JaffaCakes118

Files

16c9ee1c6e4365597e336c8ffeb38d7d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

88381b84da56810b869e897e6d45bd58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\builds\BoxedApp\files\A762B510\src\BoxedApp\bxpackergui\obj\Win32\Release\DotNetAppStub32\DotNetAppStub32.pdb

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

EnumChildWindows

Sections

.text
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bxpck
Size: 912KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.main
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bxpck
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.main
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE