Orcus[.]Administration[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Orcus.Administration.exe
Size

3.9MB
MD5

37349777df1cc9c8d3d62eb733f7cd45
SHA1

456233fa947ab155dbe5636eda0a77346197bb4c
SHA256

0121f2d7ddc074ffa05619dbb2a4b555a4b550168a765b57fa8bd9298a7e4b52
SHA512

ca4e1a39dbb0fa0c6bbef7142cf457856cc2db14c03b5b9ea5c28811a3a70cc05505320f50e133e166aad25d779ac043b0f29b09bb34a342f5111603cc5dd074
SSDEEP

49152:VZV/t1QLjeVxAl40NVANW8cyTXTG1H66VbTWnepAl4:VZVDVxAl40NG48cyTKjVbTWnepAl4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Orcus.Administration.exe

Files

Orcus.Administration.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Orcus-1.9.1-src\Orcus-1.9.1-src\Orcus.Administration\obj\Release\Orcus.Administration.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ