{"id":231345,"date":"2026-01-26T13:35:03","date_gmt":"2026-01-26T13:35:03","guid":{"rendered":"https:\/\/www.intrinsec.com\/?p=231345"},"modified":"2026-01-30T13:44:40","modified_gmt":"2026-01-30T13:44:40","slug":"phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/","title":{"rendered":"PhantomVAI: custom loader built on an old RunPE utility used in worldwide campaigns"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"231345\" class=\"elementor elementor-231345\" data-elementor-settings=\"{&quot;element_pack_global_tooltip_width&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;element_pack_global_tooltip_width_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;element_pack_global_tooltip_width_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;element_pack_global_tooltip_padding&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;top&quot;:&quot;&quot;,&quot;right&quot;:&quot;&quot;,&quot;bottom&quot;:&quot;&quot;,&quot;left&quot;:&quot;&quot;,&quot;isLinked&quot;:true},&quot;element_pack_global_tooltip_padding_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;top&quot;:&quot;&quot;,&quot;right&quot;:&quot;&quot;,&quot;bottom&quot;:&quot;&quot;,&quot;left&quot;:&quot;&quot;,&quot;isLinked&quot;:true},&quot;element_pack_global_tooltip_padding_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;top&quot;:&quot;&quot;,&quot;right&quot;:&quot;&quot;,&quot;bottom&quot;:&quot;&quot;,&quot;left&quot;:&quot;&quot;,&quot;isLinked&quot;:true},&quot;element_pack_global_tooltip_border_radius&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;top&quot;:&quot;&quot;,&quot;right&quot;:&quot;&quot;,&quot;bottom&quot;:&quot
;&quot;,&quot;left&quot;:&quot;&quot;,&quot;isLinked&quot;:true},&quot;element_pack_global_tooltip_border_radius_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;top&quot;:&quot;&quot;,&quot;right&quot;:&quot;&quot;,&quot;bottom&quot;:&quot;&quot;,&quot;left&quot;:&quot;&quot;,&quot;isLinked&quot;:true},&quot;element_pack_global_tooltip_border_radius_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;top&quot;:&quot;&quot;,&quot;right&quot;:&quot;&quot;,&quot;bottom&quot;:&quot;&quot;,&quot;left&quot;:&quot;&quot;,&quot;isLinked&quot;:true}}\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-0f2a3c5 e-flex e-con-boxed e-con e-parent\" data-id=\"0f2a3c5\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2344563 elementor-widget elementor-widget-text-editor\" data-id=\"2344563\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-721db8bd elementor-widget elementor-widget-text-editor\" data-id=\"721db8bd\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\"><div class=\"elementor-widget-container\"><h4>Key findings<\/h4><h4><strong>\u00a0<\/strong><\/h4><ul><li><p>Review of the literature on the use of a <strong>custom loader for worldwide campaigns<\/strong>. We encountered this loader in a DarkCloud analysis and noticed that several other security editors wrote articles on its use for malicious campaigns. The review enabled us to assess that all these editors <strong>wrote about the same loader<\/strong>, while giving it different naming which could confuse readers.<\/p><\/li><li><p>Pivots on the process hollowing function inside the loader. 
This function was identified as a utility named \u201c<strong>Mandark<\/strong>\u201d, developed and open-sourced by a <strong>HackForums<\/strong>\u00a0user years ago. We explained how the utility works, with details on its parameters and execution flow.<\/p><\/li><li><p>Threat hunting and a YARA rule to track this loader. Almost all samples masqueraded as \u201c<strong>Microsoft.Win32.TaskScheduler.dll<\/strong>\u201d, based on a legitimate project found on GitHub. Detected samples were associated with different malware such as <strong>Remcos, XWorm, AsyncRAT, DarkCloud, SmokeLoader<\/strong>. We also noted the large number and variety of phishing lures.<\/p><\/li><\/ul><h4>\u00a0<\/h4><h4>Intrinsec&#039;s CTI services<\/h4><p>\u00a0<\/p><p>Organizations are facing a rise in the sophistication of threat actors and intrusion sets. To address these evolving threats, it is now necessary to take a proactive approach to the detection and analysis of any element deemed malicious. Such a hands-on approach allows companies to anticipate, or at least react as quickly as possible to, the compromises they face.<\/p><p>For this report, shared with our clients in January 2025, Intrinsec relied on its Cyber Threat Intelligence service, which provides its customers with high value-added, contextualized and actionable intelligence to understand and contain cyber threats. 
Our CTI team consolidates data &amp; information gathered from our security monitoring services (SOC, MDR, etc.), our incident response team (CERT-Intrinsec) and custom cyber intelligence generated by our analysts using custom heuristics, honeypots, hunting, reverse-engineering &amp; pivots.<\/p><p>Intrinsec also offers various services around Cyber Threat Intelligence:<\/p><ul><li>Risk anticipation: which can be leveraged to continuously adapt the detection &amp; response capabilities of our clients&#039; existing tools (EDR, XDR, SIEM, \u2026) through:<ul><li style=\"list-style-type: none;\"><ul><li><strong>an operational feed of IOCs based on our exclusive activities.<\/strong><\/li><li><strong>threat intel notes &amp; reports, TIP-compliant.<\/strong><\/li><\/ul><\/li><\/ul><\/li><li>Digital risk monitoring:<ul><li style=\"list-style-type: none;\"><ul><li><strong>data leak detection &amp; remediation<\/strong><\/li><li><strong>external asset security monitoring (EASM)<\/strong><\/li><li><strong>brand protection<\/strong><\/li><\/ul><\/li><\/ul><\/li><\/ul><p>For more information, go to <a href=\"http:\/\/www.intrinsec.com\/en\/cyber-threat-intelligence\/\">intrinsec.com\/en\/cyber-threat-intelligence\/<\/a>.<\/p><p>Follow us on <a href=\"https:\/\/www.linkedin.com\/company\/intrinsec\/\">LinkedIn<\/a> and <a href=\"https:\/\/twitter.com\/Intrinsec\">X<\/a><\/p><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-592055d e-flex e-con-boxed e-con e-parent\" data-id=\"592055d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-d6adba5 elementor-widget elementor-widget-button\" data-id=\"d6adba5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div 
class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2026\/01\/TLP-CLEAR-20260130-PhantomVAI_Loader.pdf\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Download the report<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Key findings Review of the literature on the use of a custom loader for [\u2026]<\/p>","protected":false},"author":43,"featured_media":231356,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,11],"tags":[160],"class_list":["post-231345","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-threat-intelligence","category-threat-intelligence-report","tag-cyber-threat-intelligence"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>PhantomVAI: custom loader built on an old RunPE utility used in worldwide campaigns - INTRINSEC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PhantomVAI: custom loader built on an old RunPE utility used in worldwide campaigns\" \/>\n<meta property=\"og:description\" content=\"Key findings \u00a0 Review of the literature on the use of a custom loader for 
[&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-26T13:35:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-30T13:44:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2026\/01\/TLP_CLEAR_20260130_BLOG_Phantom_VAI_2-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1268\" \/>\n\t<meta property=\"og:image:height\" content=\"623\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ruben Madar\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ruben Madar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\\\/\"},\"author\":{\"name\":\"Ruben Madar\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/8656db17eff6a4f9a372f5dd5bd08853\"},\"headline\":\"PhantomVAI: custom loader built on an old RunPE utility used in worldwide campaigns\",\"datePublished\":\"2026-01-26T13:35:03+00:00\",\"dateModified\":\"2026-01-30T13:44:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\\\/\"},\"wordCount\":385,\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/TLP_CLEAR_20260130_BLOG_Phantom_VAI_2-1.png\",\"keywords\":[\"Cyber Threat Intelligence\"],\"articleSection\":[\"Cyber Threat Intelligence\",\"Threat Intelligence Report\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\\\/\",\"name\":\"PhantomVAI: custom loader built on an old RunPE utility used in worldwide campaigns - 
INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/TLP_CLEAR_20260130_BLOG_Phantom_VAI_2-1.png\",\"datePublished\":\"2026-01-26T13:35:03+00:00\",\"dateModified\":\"2026-01-30T13:44:40+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/8656db17eff6a4f9a372f5dd5bd08853\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/TLP_CLEAR_20260130_BLOG_Phantom_VAI_2-1.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/TLP_CLEAR_20260130_BLOG_Phantom_VAI_2-1.png\",\"width\":1268,\"height\":623},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Phant
omVAI: custom loader built on an old RunPE utility used in worldwide campaigns\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/8656db17eff6a4f9a372f5dd5bd08853\",\"name\":\"Ruben Madar\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4f72adfecdb89368517e8adc50565d7a1d7bd1baebbd3a730c5f01a81c23914a?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4f72adfecdb89368517e8adc50565d7a1d7bd1baebbd3a730c5f01a81c23914a?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4f72adfecdb89368517e8adc50565d7a1d7bd1baebbd3a730c5f01a81c23914a?s=96&d=retro&r=g\",\"caption\":\"Ruben Madar\"},\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/ruben-madar\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"PhantomVAI: custom loader built on an old RunPE utility used in worldwide campaigns - INTRINSEC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/","og_locale":"en_US","og_type":"article","og_title":"PhantomVAI: custom loader built on an old RunPE utility used in worldwide campaigns","og_description":"Key findings \u00a0 Review of the literature on the use of a custom loader for [&hellip;]","og_url":"https:\/\/www.intrinsec.com\/en\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/","og_site_name":"INTRINSEC","article_published_time":"2026-01-26T13:35:03+00:00","article_modified_time":"2026-01-30T13:44:40+00:00","og_image":[{"width":1268,"height":623,"url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2026\/01\/TLP_CLEAR_20260130_BLOG_Phantom_VAI_2-1.png","type":"image\/png"}],"author":"Ruben Madar","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ruben Madar","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/"},"author":{"name":"Ruben Madar","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/8656db17eff6a4f9a372f5dd5bd08853"},"headline":"PhantomVAI: custom loader built on an old RunPE utility used in worldwide campaigns","datePublished":"2026-01-26T13:35:03+00:00","dateModified":"2026-01-30T13:44:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/"},"wordCount":385,"image":{"@id":"https:\/\/www.intrinsec.com\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2026\/01\/TLP_CLEAR_20260130_BLOG_Phantom_VAI_2-1.png","keywords":["Cyber Threat Intelligence"],"articleSection":["Cyber Threat Intelligence","Threat Intelligence Report"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/","url":"https:\/\/www.intrinsec.com\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/","name":"PhantomVAI: custom loader built on an old RunPE utility used in worldwide campaigns - 
INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2026\/01\/TLP_CLEAR_20260130_BLOG_Phantom_VAI_2-1.png","datePublished":"2026-01-26T13:35:03+00:00","dateModified":"2026-01-30T13:44:40+00:00","author":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/8656db17eff6a4f9a372f5dd5bd08853"},"breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/#primaryimage","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2026\/01\/TLP_CLEAR_20260130_BLOG_Phantom_VAI_2-1.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2026\/01\/TLP_CLEAR_20260130_BLOG_Phantom_VAI_2-1.png","width":1268,"height":623},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/phantomvai-custom-loader-built-on-an-old-runpe-utility-used-in-worldwide-campaigns\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"PhantomVAI: custom loader built on an old RunPE utility used in worldwide campaigns"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job 
is to protect yours.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/8656db17eff6a4f9a372f5dd5bd08853","name":"Ruben Madar","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4f72adfecdb89368517e8adc50565d7a1d7bd1baebbd3a730c5f01a81c23914a?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4f72adfecdb89368517e8adc50565d7a1d7bd1baebbd3a730c5f01a81c23914a?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4f72adfecdb89368517e8adc50565d7a1d7bd1baebbd3a730c5f01a81c23914a?s=96&d=retro&r=g","caption":"Ruben Madar"},"url":"https:\/\/www.intrinsec.com\/en\/author\/ruben-madar\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/231345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/43"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=231345"}],"version-history":[{"count":18,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/231345\/revisions"}],"predecessor-version":[{"id":231394,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/231345\/revisions\/231394"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media\/231356"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=231345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.
intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=231345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=231345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}