General

  • Target

    Ref-23105_Payment_Slip.pdf.js

  • Size

    7KB

  • Sample

    231005-p88ytsda95

  • MD5

    d19a87919bbe11794fd20377182b5ea3

  • SHA1

    dae311a5e72a0847636ca83c608048cab137fb6b

  • SHA256

    ea9cb59ea8cbd8d1d5f279d32aec457ad469e7e81b03d34d7c34e5cc52195aae

  • SHA512

    f2c49a869b8825b2b0de87a998fe60b4fcd4118c63413c03b23e3d78a6089c7e7d520227f8b52aaad66908d0d3f05cbc519a982a08cd41f662355008599ea23b

  • SSDEEP

    192:4cvGDlrsAQBFbOUFjqpljw4YHpC6pl7n8hU+La+KAC4aEJUe5wedK:4GGDlrsVvFWvj3YHplpxV+LawC4aE2e2

Malware Config

Extracted

  • Family

    wshrat

  • C2

    http://chongmei33.publicvm.com:7045

Targets

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks