Trojan.Malpack.JB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 4
Threat Level: 80 % (High)
Infected Computers: 49,113
First Seen: December 6, 2012
Last Seen: March 24, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Malpack.JB
Signature status: No Signature

Known Samples

File Size: 5.33 MB, 5325824 bytes
File Size: 4.61 MB, 4607285 bytes
File Size: 6.27 MB, 6265344 bytes
File Size: 1.97 MB, 1967484 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • Self Extractable Archive by EXEpress CX Copyright(C) 1998-2014 Web Technology Corp. http://www.webtech.co.jp/
  • Todos os direitos reservados. Proibido o uso ou reprodução sem a licença do autor.
Company Name
  • Foxit Corporation
  • Microsoft
  • Playlist Soluções Ltda.
File Description
  • Foxit Updater
  • Playlist Digital.
  • 自己解凍実行ファイル
File Version
  • 8.3.1.531
  • 5.26.00
  • 5.0.5.06
  • 1.00
Internal Name
  • EPSFX
  • Foxit Updater
  • Playlist Digital
  • Win
Legal Copyright
  • Copyright © 1995-2012 - Playlist Soluções Ltda.
  • Copyright © 2004-2017 Foxit Software Inc. All Rights Reserved.
Original Filename
  • EPSFX.EXE
  • Foxit Updater.EXE
  • Playlist.exe
  • Win.exe
Product Name
  • Foxit Updater
  • Playlist Digital
  • Win
Product Version
  • 8.3.1.531
  • 5.26.00
  • 5.0.5.06
  • 1.00

File Traits

  • 2+ executable sections
  • big overlay
  • CAB (In Overlay)
  • HighEntropy
  • imgui
  • No Version Info
  • vb6
  • x86

Block Information

Total Blocks: 630
Potentially Malicious Blocks: 139
Whitelisted Blocks: 490
Unknown Blocks: 1

Similar Families

  • Chapak.DA
  • Draobo.A
  • Farfli.AG
  • Outbrowse.CG
  • Tyuyan.B
  • Ursnif.AD

Files Modified

File: c:\users\user\downloads\eventos\22-02-2026.log
Attributes: Generic Write,Read Attributes

Registry Modifications

Key::Value: HKCU\software\playlist software\playlist digital\config::language
Data: PT_BR
API Name: RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx
User Data Access
  • GetComputerName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • connect
  • freeaddrinfo
  • getaddrinfo
  • send
  • socket
