SHA256: 195a1dda7c96b78615df4da0cb5722fda6b218d89ce22f937d66228349a2b2e0
File name: orcus.bin
Detection ratio: 43 / 69
Analysis date: 2019-01-08 05:58:15 UTC (3 months, 1 week ago)
Antivirus Result Update
Ad-Aware Generic.MSIL.PasswordStealerA.696589F1 20190108
AhnLab-V3 Win-Trojan/OrcusRAT.Exp 20190108
ALYac Generic.MSIL.PasswordStealerA.696589F1 20190108
Arcabit Generic.MSIL.PasswordStealerA.696589F1 20190108
Avast Win32:RATX-gen [Trj] 20190108
AVG Win32:RATX-gen [Trj] 20190107
Avira (no cloud) HEUR/AGEN.1013795 20190107
BitDefender Generic.MSIL.PasswordStealerA.696589F1 20190107
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.6abb73 20180225
Cylance Unsafe 20190108
Cyren W32/MSIL_Injector.KK.gen!Eldorado 20190107
DrWeb BackDoor.Orcus.13 20190107
Emsisoft Backdoor.Orcus (A) 20190107
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of MSIL/Agent.AQI 20190108
F-Prot W32/MSIL_Injector.KK.gen!Eldorado 20190108
F-Secure Generic.MSIL.PasswordStealerA.696589F1 20190108
Fortinet MSIL/Generic.AP.F529E!tr 20190108
GData MSIL.Backdoor.Orcus.A 20190108
Ikarus Trojan.MSIL.Agent 20190108
Sophos ML heuristic 20181128
Jiangmin Trojan.Generic.awtqj 20190107
K7AntiVirus Trojan ( 005011a81 ) 20190108
K7GW Trojan ( 005011a81 ) 20190108
Kaspersky HEUR:Trojan-Spy.MSIL.Generic 20190108
Malwarebytes Backdoor.Orcus.Generic 20190108
MAX malware (ai score=87) 20190108
McAfee BackDoor-FDJE!86857716ABB7 20190108
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20190108
Microsoft Backdoor:MSIL/Orcus.A!bit 20190108
eScan Generic.MSIL.PasswordStealerA.696589F1 20190108
Rising Backdoor.Orcus!8.A4F3 (TFE:C:z8ZOU2gmlHG) 20190108
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Troj/Orcusrot-A 20190108
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20190102
Symantec ML.Attribute.HighConfidence 20190108
Trapmine malicious.moderate.ml.score 20190103
TrendMicro BKDR_ORCUSRAT.SM 20190108
TrendMicro-HouseCall BKDR_ORCUSRAT.SM 20190108
VBA32 TScope.Trojan.MSIL 20190104
Yandex Trojan.Agent!FOm6CWjxjIY 20181229
ZoneAlarm by Check Point HEUR:Trojan-Spy.MSIL.Generic 20190108
Acronis 20181227
AegisLab 20190108
Alibaba 20180921
Antiy-AVL 20190108
Avast-Mobile 20190107
Babable 20180918
Baidu 20190107
Bkav 20190107
CAT-QuickHeal 20190107
ClamAV 20190107
CMC 20190107
Comodo 20190107
eGambit 20190108
Kingsoft 20190108
NANO-Antivirus 20190108
Palo Alto Networks (Known Signatures) 20190108
Panda 20190107
Qihoo-360 20190108
TACHYON 20190108
Tencent 20190108
TheHacker 20190106
Trustlook 20190108
ViRobot 20190108
Webroot 20190108
Zillya 20190105
Zoner 20190108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Original name Orcus.exe
Internal name Orcus.exe
File version 1.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-15 19:44:25
Entry Point 0x000E277E
Number of sections 3
.NET details
Module Version ID 11ec421d-2132-4a3a-a1ae-49914a463f00
TypeLib ID 3601a898-0fe1-4710-ac30-2e6c417f46bd
PE sections
Overlays
MD5 8ec493ec33223962f5d57ee94d877b6f
File type data
Offset 924672
Size 25600
Entropy 7.99
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 4608
EntryPoint 0xe277e
OriginalFileName Orcus.exe
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2018:09:15 20:44:25+01:00
FileType Win32 EXE
PEType PE32
InternalName Orcus.exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 919552
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 86857716abb73d03a3b6769b98ec1220
SHA1 54e6f7755dd4cdf7f58ad02d67dc27e49b25b5e9
SHA256 195a1dda7c96b78615df4da0cb5722fda6b218d89ce22f937d66228349a2b2e0
ssdeep 24576:aZR4MROxnFNi0rrcI0AilFEvxHjxQ61fu:aZOMi20rrcI0AilFEvxHj1fu

authentihash 4ab5229b7cf15e87020b82a136a22657e2dbb3076ab30a9e4c5a9faef78d8a5e
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 928.0 KB ( 950272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (49.6%)
Win64 Executable (generic) (18.7%)
Microsoft Visual C++ compiled executable (generic) (11.1%)
Windows screen saver (8.8%)
Win32 Dynamic Link Library (generic) (4.4%)
Tags peexe overlay assembly via-tor

VirusTotal metadata
First submission 2019-01-08 05:58:15 UTC ( 3 months, 1 week ago )
Last submission 2019-01-08 05:58:15 UTC ( 3 months, 1 week ago )
File names Orcus.exe
orcus.bin