Extracted

• • Target

    JaffaCakes118_8ab005fa32ecaf0b7050c8123a1d76c0

  • Size

    104KB

  • MD5

    8ab005fa32ecaf0b7050c8123a1d76c0

  • SHA1

    b96f593d442699892525b71486f9e3b980409079

  • SHA256

    03e9766f9ee13cd36947ed60a91193ad0aa423071e620cdffab9ad4babdc1e44

  • SHA512

    33e559a54fa07ab20f64d3de2a829e0ae1881f72355ae3a6bee90b44c3523edf39aac30b3057d95fc768f430532cd6be0e93706ca26f5c53ac1b04b37c241333

  • SSDEEP

    1536:ueB11wAeGAB+4T6qZSVhIitZmcB3CQlwDwX3X/Ml4W4jEgLgSIREI:V1w9846qDitZLRCQlwDwXUl4ugdI

  Score

  10^/10

  discoveryupxlatentbotpersistencetrojan

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Latentbot family

    latentbot

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2