YAPA Malware Loader Research

Research notes focused on YAPA loader activity, including .NET malware analysis, obfuscation, configuration extraction, payload staging, infrastructure, and detection ideas. Notable file names: PDFChampions, PrimePDFConvert,PDFabulous, PDFriend, KitchenCanvas, MyConvertly, Duskreader, EmberPage, InkLeaf, Paperview, Amberscroll, Tideview, PDFBlender, TotalUserManuals, onlinespeedtest, JustAskJacky, GoAskBobby, EffortlessPDF.

View YAPA posts on the blog

Research Focus

Loader analysis

EvilAI, YAPA, and TamperedChef have used many techniques and eveolutions to operate. Some of these lead to RAT/Backdoors, while some lead to Browser Search Hijackers.
Observed Techniques Examples:
- Electron
- .NET
- WIX
- Tauri
- Inno
- XOR
Configuration and Extractors
- PDFly and Ziply Extractor
- GFile Extractor
Detection opportunities
Related blog posts

YAPA-focused writeups and follow-on research can be found through the blog label page.

View YAPA posts on the blog

Related Tags

YAPA.NET MalwareLoaderDeobfuscationYARAIOCs

Blog

YAPA Research

YAPA Malware Loader Research

Research Focus

Loader analysis

Configuration and Extractors

Detection opportunities

Related blog posts

Related Tags