Extracted

• • Target

    HK SEMI CORPORATION CO,,Ltd.pdf.js

  • Size

    3.6MB

  • MD5

    7c1b866122a8e513808e32caed12c6f6

  • SHA1

    fe31d17019b1faf1fa5a8c219bfbf1290d8c3423

  • SHA256

    6d492fc9630da1e571ef9953241ad9a594b7b702d7dfa033b06941d3b7f9f201

  • SHA512

    cd94ea8344923c1f5b007e10226ebc1bb7e1d1a1fcc0fdb0c3c14478ed5d7c78f9f1b1ac38aaa90567e49be5a5f9df320c68ad8de925620c82c5f9dd825de948

  • SSDEEP

    3072:HOcWWS20PtmUSfibfWZ17T7VE+NFlC7l75eGlGE32qXaj1slgD71dwMbb9rp6D9T:MG1SeC

  Score

  10^/10

  vjw0rmwshratpersistencetrojanworm

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2