Backdoor:MSIL/Orcus

Forum for analysis and discussion about malware.
markusg
Posts: 736
Joined: Mon Mar 15, 2010 2:53 pm

Thu Sep 20, 2018 9:30 pm

SHA-256: 26e3ac4d81005556ccce5d912403bebd8423e47947abfc373b399ad375f35782
File name: wwe_2K18_installer.exe
https://www.virustotal.com/#/file/26e3a ... /detection
EP_X0FF
Global Moderator
Posts: 4903
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Tue Jan 08, 2019 5:54 am

markusg wrote:
Thu Sep 20, 2018 9:30 pm
SHA-256: 26e3ac4d81005556ccce5d912403bebd8423e47947abfc373b399ad375f35782
File name: wwe_2K18_installer.exe
https://www.virustotal.com/#/file/26e3a ... /detection
Backdoor Orcus written in C#.

Copies itself to %AppData%\Roaming\Microsoft\Windows\Start Menu\installer.exe

Obfuscated with Agile.NET; deobfuscated sample in the attachment (https://www.virustotal.com/en/file/195a ... 546927095/). Posts moved.
Ring0 - the source of inspiration