Names | Hotwax | |
Category | Malware | |
Type | Loader | |
Description | HOTWAX is a module that upon starting imports all necessary system API functions, and searches for a .CHM file. HOTWAX decrypts a payload using the Spritz algorithm with a hard-coded key and then searches the target process and attempts to inject the decrypted payload module from the CHM file into the address space of the target process. | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.hotwax> |
Last change to this tool card: 24 April 2021
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
![]() | Lazarus Group, Hidden Cobra, Labyrinth Chollima | ![]() | 2007-Jun 2022 ![]() | ![]() |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on![]() ![]() |
Report incidents |
|
![]() |
+66 (0)2-123-1227 | |
![]() |
[email protected] |