General

  • Target

    HANYANG MOLD CO., LTD.js

  • Size

    296KB

  • Sample

    221214-k83plahf47

  • MD5

    6a26da054c21e0e64be2ef60df1edd9e

  • SHA1

    e3b256a4996a60773aeca14d808bb52a02adf5bc

  • SHA256

    75a4a64ef3c78207491c676f86de09caa751bc19335dd3555def8f0e521815cc

  • SHA512

    c2774595561f8777ca844dad71102a91baec7015482177a3d6ad99e3a679011e0e93d6d47105a3281f05bb97fdad4176d10ff02dd6f2cf7a6f262ef94f378631

  • SSDEEP

    3072:pUBw3Cqaa0Q9p/US9ZYfKbmi6Y/+eFgJwkKtb463KMCc9K/MmMF8MIy10C/WJ3bP:pUBw3Cqaa0Q9DG53sU

Malware Config

Extracted

Family

wshrat

C2

http://45.139.105.174:1604

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6