Author Topic: Delphi Packer Looks for Human Behavior Before Deploying Payload  (Read 300 times)

Offline Antus67

Delphi Packer Looks for Human Behavior Before Deploying Payload
« on: September 23, 2018, 02:51:35 am »
Author: Tara Seals
September 21, 2018 3:45 pm

Many different threat actors are using this crypting service/tool for their operations, possibly buying it from the developer itself.

As bad actors continue to innovate in the area of sandbox evasion, the use of the Delphi programming language to pack malware code has become more and more prevalent. Researchers recently observed several spam campaigns using a specific packer written in Delphi that goes to great lengths to hunt for normal user behavior before deploying its payload.

Delphi is a legitimate integrated development environment (IDE) for rapid application development of desktop, mobile, web and console software, developed by Embarcadero Technologies. FireEye researchers have observed bad actors using it to more easily write malware that leverages Windows API functions to create anti-sandbox features.

full article here: