Extracted

• • Target

    NewPO.js

  • Size

    51KB

  • MD5

    744ae049bf8a37d2e945802c3349e240

  • SHA1

    7af3930f68e5b1c4bec8aea48b7d43e4aeff8719

  • SHA256

    4d33a89607377958b5ebe7aace8999e255d3a39d7b709bc026104975a6cc1d9c

  • SHA512

    9049cc2409c1807c47311c61e99c34bb450bd7daf573e88fbc6a464ef6a38a7afb26c314ee4ca6a82d2e17bd48f36591622a8b0bfb89b7b43f9c58380eff3e20

  • SSDEEP

    768:DUEzBbCFLKCRxwxE1k/FvZIaf9fgWQ7juipgGfvoclPfDnJPbIpDEsYOLJVK:haLvGE1ktvGaf98juipSgfJb84sYOVVK

  Score

  10^/10

  vjw0rmwshratpersistencetrojanworm

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2