Backdoor.Orcus

Backdoor.Orcus Description

Backdoor.MoSucker (also known as Backdoor.Orcus) is a generic Trojan that threat actors deliver to users via exploit kits and spam emails. The Backdoor.MoSucker Trojan offers the same capabilities found in remote access tools like TeamViewer and LogMeIn, with added functionality. Threat actors can use the Backdoor.MoSucker program to kill, run and modify processes on the infected system. Backdoor.MoSucker can move, rename and delete files on the local disk. The Trojan can log the user's activity and change the desktop background image. The malware can also be instructed to show message boxes, change date & time properties, restart the PC and modify the Windows Registry.

The Backdoor.MoSucker Trojan is configured to maintain a constant connection to its 'Command and Control' servers for as long as the infected machine is turned on. Compromised users may notice strange mouse cursor movements and keyboard input that do not correspond to their own actions. Backdoor.MoSucker can restrict the user's ability to issue commands to the compromised system and turn the device into a proxy for the remote operator. Infected machines may be used to hide the network traffic of threat actors and even to execute DDoS (Distributed Denial of Service) attacks. It is advised to remove the Backdoor.MoSucker Trojan in offline mode using a trusted anti-malware scanner.

Detection names for Backdoor.MoSucker by AVs:

BKDR_MOSUCK.A
BackDoor.Mosu
Backdoor.Generic.180860
Backdoor.Win32.MoSucker.dd!IK
Backdoor.Win32.Mocbot.bn
Heuristic.LooksLike.Win32.Spypro.B
Packer.Morphine.Gen (v)
TR/Crypt.Morphine.Gen
TrojWare.Win32.PkdMorphine.~AN
W32/Troj_Obfusc.Z.gen!Eldorado
Win-Trojan/Mosucker.75506
Win32:MoSucker-N [Trj]

Technical Information

File System Details

Backdoor.Orcus creates the following file(s):
#   File Name   Size (bytes)   MD5
1   file.exe    2,338,640      956098914ea294ef80ed87da2dae7eda

Registry Details

Backdoor.Orcus creates the following registry entry or registry entries:

Directory:
%APPDATA%\Orcus
%PROGRAMFILES%\os
%PROGRAMFILES(x86)%\os

Regexp file mask:
%APPDATA%\.orcusInstallation
%APPDATA%\Orcus\Microsoft\DriverManager.exe
%WinDir%\System32\Tasks\Orcus Respawner
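The directory, file-mask and MD5 indicators listed above can be turned into a simple host check. The following script is an added example, not code from the page or from any vendor: it expands the %VAR% placeholders against an environment map, matches a file listing against the paths, and compares file hashes against the listed MD5. The environment values and the file listing are constructed sample data, and the file masks (which contain no wildcards on this page) are treated as glob-style masks so the same routine works if wildcard masks are added later.

```python
import fnmatch
import hashlib
import re
from typing import Dict, Iterable, List, Set

# Indicators transcribed from the File System / Registry Details sections.
ORCUS_DIRECTORIES = [
    r"%APPDATA%\Orcus",
    r"%PROGRAMFILES%\os",
    r"%PROGRAMFILES(x86)%\os",
]
ORCUS_FILE_MASKS = [
    r"%APPDATA%\.orcusInstallation",
    r"%APPDATA%\Orcus\Microsoft\DriverManager.exe",
    r"%WinDir%\System32\Tasks\Orcus Respawner",
]
# MD5 of file.exe as listed on the page.
ORCUS_KNOWN_MD5: Set[str] = {"956098914ea294ef80ed87da2dae7eda"}

_TOKEN = re.compile(r"%([^%]+)%")


def expand(pattern: str, env: Dict[str, str]) -> str:
    """Replace %VAR% tokens using a case-insensitive environment map.
    Unknown tokens are left untouched so the caller can spot them."""
    lookup = {k.upper(): v for k, v in env.items()}

    def repl(match: "re.Match[str]") -> str:
        return lookup.get(match.group(1).upper(), match.group(0))

    return _TOKEN.sub(repl, pattern)


def find_path_hits(observed: Iterable[str], env: Dict[str, str]) -> List[str]:
    """Return observed paths that sit inside an Orcus directory or match a mask.
    Comparison is case-insensitive, as NTFS paths are."""
    dirs = [expand(d, env).lower() for d in ORCUS_DIRECTORIES]
    masks = [expand(m, env).lower() for m in ORCUS_FILE_MASKS]
    hits: List[str] = []
    for path in observed:
        p = path.lower()
        in_dir = any(p == d or p.startswith(d + "\\") for d in dirs)
        mask_hit = any(fnmatch.fnmatchcase(p, m) for m in masks)
        if in_dir or mask_hit:
            hits.append(path)
    return hits


def md5_hex(data: bytes) -> str:
    """Hex MD5 digest of a byte string."""
    return hashlib.md5(data).hexdigest()


def find_hash_hits(files: Dict[str, bytes], known: Set[str] = ORCUS_KNOWN_MD5) -> List[str]:
    """Return names of files whose MD5 is in the known-bad set."""
    return [name for name, blob in files.items() if md5_hex(blob) in known]


# Constructed sample environment for a typical Windows user profile (not real telemetry).
SAMPLE_ENV = {
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "PROGRAMFILES": r"C:\Program Files",
    "PROGRAMFILES(x86)": r"C:\Program Files (x86)",
    "WinDir": r"C:\Windows",
}

# Constructed file listing: four Orcus indicators mixed with two benign paths.
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Roaming\Orcus\Microsoft\DriverManager.exe",
    r"C:\Users\alice\AppData\Roaming\.orcusInstallation",
    r"C:\Windows\System32\Tasks\Orcus Respawner",
    r"C:\Program Files (x86)\os\file.exe",
    r"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini",
]

if __name__ == "__main__":
    for hit in find_path_hits(SAMPLE_PATHS, SAMPLE_ENV):
        print("path indicator:", hit)
    # Constructed file contents; the hash will not match the page's MD5.
    print("hash hits:", find_hash_hits({"file.exe": b"constructed sample"}))
```

On a live host, `SAMPLE_ENV` would be replaced by `os.environ` and `SAMPLE_PATHS` by a walk of the user profile and Program Files trees; the scheduled task entry under %WinDir%\System32\Tasks is worth checking even when the executable has already been removed, since it is what would respawn the implant.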

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
