Backdoor.MSIL.Orcus.J

By CagedTech in Backdoors

Threat Scorecard

Popularity Rank: 10,130
Threat Level: 60 % (Medium)
Infected Computers: 51
First Seen: August 30, 2024
Last Seen: February 22, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Backdoor.MSIL.Orcus.J
Signature status: No Signature

Known Samples

MD5: 158fb395471fc9913054f245f73d54f6
SHA1: da9c856608eadd5da93da889b78140eb1c2f94ff
SHA256: 71253773B0A4F8E83EEE6242013819481051629C9C7723837D88DDC7C450CA46
File Size: 405.50 KB, 405504 bytes
MD5: 1c1999ac1b0eca7a0e877000f8a2dbcb
SHA1: 095970e06867107e2034e5f9943d9db0d29313ec
SHA256: E80060D9BDC38A2FE1C512FCE2DD24433F8C814C5B03B9380B6D3CCB64B0F813
File Size: 405.50 KB, 405504 bytes
MD5: 412d910ad119fdf126fb5996d44cf57e
SHA1: 7ce4b6db020f111bdfab178f9001988e6d809850
SHA256: 4F7A902E92A0A58BBEC8465715E90FC4DFF4739356EC7A21A887FBCF9B7C21EE
File Size: 405.50 KB, 405504 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information (the Security data directory is empty, so there is no embedded Authenticode certificate)
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
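As an added triage example (not tooling from this threat database or from the Orcus authors), the Python script below hashes a file against the SHA256 values listed under Known Samples and reads the PE header fields behind the attributes listed above: PE32 magic (32-bit), IMAGE_FILE_EXECUTABLE_IMAGE and IMAGE_FILE_DLL in the COFF characteristics, the GUI subsystem, and the Export, Security (Authenticode) and CLR data directories. All function names are the example's own; `build_sample_pe()` constructs a minimal header that carries the same attribute profile purely so the script runs offline, it is not a real sample and contains no code.

```python
"""Offline triage helper for the Orcus.J indicators listed on this page.
Added example; not the threat database's own scanner."""
import hashlib
import struct
import sys

# SHA256 values copied from the Known Samples section, lower-cased.
KNOWN_SHA256 = {
    "71253773b0a4f8e83eee6242013819481051629c9c7723837d88ddc7c450ca46",
    "e80060d9bdc38a2fe1c512fce2dd24433f8c814c5b03b9380b6d3ccb64b0f813",
    "4f7a902e92a0a58bbec8465715e90fc4dff4739356ec7a21a887fbcf9b7c21ee",
}

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
PE32_MAGIC = 0x10B                      # PE32+ (64-bit) is 0x20B
DIR_EXPORT, DIR_SECURITY, DIR_CLR = 0, 4, 14  # data directory indexes

# The attribute profile recorded for this family in the list above.
EXPECTED_PROFILE = {
    "is_32bit": True, "is_executable_image": True, "is_dll": False,
    "is_gui": True, "has_exports": False, "has_security_info": False,
    "is_dotnet": True,
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_known_sample(data: bytes) -> bool:
    return sha256_hex(data) in KNOWN_SHA256


def pe_attributes(data: bytes) -> dict:
    """Parse only the header fields needed for the attribute checks."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, _, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    is_pe32 = struct.unpack_from("<H", data, opt)[0] == PE32_MAGIC
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32/PE32+
    ndirs_off = opt + (92 if is_pe32 else 108)                 # NumberOfRvaAndSizes
    num_dirs = struct.unpack_from("<I", data, ndirs_off)[0]

    def dir_size(index: int) -> int:
        # A directory that is absent or outside the optional header counts as empty.
        if index >= num_dirs or ndirs_off + 4 + 8 * (index + 1) > opt + opt_size:
            return 0
        _rva, size = struct.unpack_from("<II", data, ndirs_off + 4 + 8 * index)
        return size

    return {
        "is_32bit": is_pe32,
        "is_executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "is_gui": subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "has_exports": dir_size(DIR_EXPORT) > 0,
        "has_security_info": dir_size(DIR_SECURITY) > 0,   # Authenticode certificate table
        "is_dotnet": dir_size(DIR_CLR) > 0,                # CLR runtime header present
    }


def matches_attribute_profile(attrs: dict) -> bool:
    return all(attrs[key] == value for key, value in EXPECTED_PROFILE.items())


def build_sample_pe(characteristics: int = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE) -> bytes:
    """Constructed minimal PE32 header for demonstration only: DOS stub,
    PE signature, COFF header and a 224-byte optional header with 16 data
    directories, of which only the CLR directory is populated."""
    img = bytearray(0x40 + 4 + 20 + 224)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                    # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 0, 0, 0, 0, 224, characteristics)
    opt = 0x58
    struct.pack_into("<H", img, opt, PE32_MAGIC)
    struct.pack_into("<H", img, opt + 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    struct.pack_into("<I", img, opt + 92, 16)                  # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 8 * DIR_CLR, 0x2000, 72)  # CLR header rva/size
    return bytes(img)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("sha256:", sha256_hex(blob), "known sample:", matches_known_sample(blob))
    attrs = pe_attributes(blob)
    print("attributes:", attrs, "matches listed profile:", matches_attribute_profile(attrs))
```

Run it as `python triage.py suspect.exe`; without an argument it analyses the constructed header. A hash hit is conclusive for these three samples only; the attribute profile is broad (many legitimate 32-bit unsigned .NET GUI applications share it) and is meant to prioritise what to look at, not to convict.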

Windows PE Version Information

App Host: .NET Runtime Bootstrapper v2.5.4 (GUI)
Assembly Version: 1.0.0.0
Company Name: Articy Software GmbH & Co. KG
File Description: ArticyDraft
File Version:
  • 4.3.2.0
  • 4.1.10.0
  • 4.1.6.0
Internal Name: ArticyDraft.exe
Legal Copyright:
  • Copyright © 2014-2025 Articy Software GmbH & Co. KG
  • Copyright © 2014-2026 Articy Software GmbH & Co. KG
Original Filename: ArticyDraft.exe
Product Name: articy:draft X
Product Version: 1.0.0

These strings come from the file's version resource and are not backed by an Authenticode signature (the PE attributes above record no security information), so they show what the sample claims to be, not who built it.

File Traits

  • .NET
  • ntdll
  • x86

Block Information

Total Blocks: 463
Potentially Malicious Blocks: 158
Whitelisted Blocks: 305
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x 0 x 0 0 x 0 x x 0 0 x x 0 0 0 0 0 x x x x x x 0 0 x 0 0 x x x x x x x x x 0 x x x 0 x x x 0 x x 0 x x x x 0 0 0 0 0 x 0 x x x x x x x 0 x x x x x x x x x 0 0 x x x x 0 0 x 0 0 0 0 x x 0 0 x 0 x 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 x x 0 x x 0 0 0 0 x x x 0 0 0 0 x x x x 0 0 0 0 0 x x 0 0 0 0 0 0 x x 0 x 0 x x x 0 x 0 0 0 x 0 x x 0 0 0 0 0 0 x x x x 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 x x x 0 0 0 0 0 x x x x x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x x x 0 x x x x x x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x x x 0 0 0 0 0 x x x x x x 0 x x x x x x x x x x x 0 x 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Orcus.C
  • MSIL.Orcus.D
  • MSIL.Orcus.F
  • MSIL.Orcus.J
  • Orcus.J
  • Orcus.L

Windows API Usage

Category: Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Category: User Data Access
  • GetUserObjectInformation
Category: Anti Debug
  • IsDebuggerPresent
