Extracted

• • Target

    e577f4ac1cbacfd820aacf33742fc87b_JaffaCakes118

  • Size

    218KB

  • MD5

    e577f4ac1cbacfd820aacf33742fc87b

  • SHA1

    55c96b2a83b89537d5f9782756bc7062261af2fd

  • SHA256

    bd1fddb473eda986cffe9be610909536acd18ba90f21a5e84146ca4f1c7cc3ba

  • SHA512

    a3ab0439bdc26d49fc5e8ce609d6978867ac8b22cc30fc083a3108e5f0e3f44cd2d4d9bee146ac727bd28e4f75e8556cdd48cffd97dee6e0f555d9f3ddc31841

  • SSDEEP

    3072:jRrEC2Oi8NXC797F8TBfFvj4bq57P42Tf6FVxJFkhiB8l7bw5Wcdh3y:jCC2F8NXC796TB9vj48P1TytB8dbwvhi

  Score

  10^/10

  latentbotdiscoverypersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2