Malware News Threat Actors Use Delphi Packer to Shield Binaries From Malware Classification

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Threat actors are increasingly using a Delphi packer to shield their binaries from malware classification by antivirus software and other security solutions.

FireEye analyzed several samples carrying the “BobSoft Mini Delphi” signature and determined that the samples were consistent with Delphi code constructs. These findings revealed that the malware binaries had been packed using a Delphi packer.

The enterprise security firm observed the packed samples being dropped in various spam campaigns. One operation used an attached document with malicious macros to download the malware. Another leveraged a document that exploited an equation editor vulnerability to deploy its packed payload.

In its analysis, FireEye came across at least eight malware families using the Delphi packer for their campaigns. Lokibot was by far the most prominent, followed by the Pony downloader and NanoCore. Researchers also spotted a cryptomining threat called CoinMiner using the packer.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top