A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #32392  by EP_X0FF
 Tue Jan 08, 2019 5:54 am
markusg wrote: Thu Sep 20, 2018 9:30 pm SHA-256
File name
https://www.virustotal.com/#/file/26e3a ... /detection
Backdoor Orcus written in C#.

Copies itself to %AppData%\Roaming\Microsoft\Windows\Start Menu\installer.exe

Obfuscated with Agile.NET; the deobfuscated sample is in the attachment (https://www.virustotal.com/en/file/195a ... 546927095/). Posts moved.