Extracted

• • Target

    2d3db8bd8d62524e285b82f9abf62c53_JaffaCakes118

  • Size

    1.1MB

  • MD5

    2d3db8bd8d62524e285b82f9abf62c53

  • SHA1

    a1106578e05f0f979b82f2bbe753e86501709ddc

  • SHA256

    c255b4844590506a4a650a59c6bb2d6143c64a41fa9e4f2acb4bc6c468bf8aa6

  • SHA512

    4326606a71386786af4880582ba599287848579653a47083089455e5fe67fa0e29dcfd749ad4cea783696e1b8aa199212c0a9d1228fdd153d1ccd1ea69421fb9

  • SSDEEP

    12288:9/HXIPhqmis3LHSuui5yx1mQ6Wi4jymtsWojMGJMxpg9hKlctvGEvP3ZqrbNjh:9vc3LHVui5/H4jrtZ5GJIiY2GEJaf

  Score

  10^/10

  latentbotevasionthemidatrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Drops startup file

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2