WIN11.au3
PowerShell | MD5: 9c291e15b7685e1e010e1a72ddcb60c6 | Size: 174.79 KB | application/x-powershell
|
Hash | Hash Value |
|---|---|
| MD5 | 9c291e15b7685e1e010e1a72ddcb60c6
|
| Sha1 | 56ad1878a57979f076df907991ee5120409b7182
|
| Sha256 | c63c13fc824d6d1c9c481442940a841ffe93f6b221b7cb1e7281eeeb3b9a0641
|
| Sha384 | 3e91930c7120b49fe81d7a3249b2478b53fbc0269b5e66dd9cb952c3cb293101a93e4a61f355d26397580b2c77630115
|
| Sha512 | bead061895ab3865171cf2a40cc7bdf11daabd665a164062fbe1b896359796b7b20fd88a315405186825b87a31419b21e92d3b5fa808a2a7898be1608d6f3bc6
|
| SSDeep | 1536:Yyl6rj/aRtnAQUv/IOmq8uecqRGd7tnB32wwZzPY2/lZmHwM2ZASAcR8fLQPzDN9:Yylk/0a1bqWOtHmJCLfSRO5/jX5BQbs
|
| TLSH | 4B04C685F48C268E315A801930EDD6C2F7B77F07E5AD37863B4BA345891BE8EE65C091
|
|
Name0 | Value |
|---|---|
| Deobfuscated PowerShell | oding]::unicode.getstring ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $encodedScript = "JABiAGEAcwBlADYANAB" |
| Deobfuscated PowerShell | oding]::unicode.getstring ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $encodedScript = "JABiAGEAcwBlADYANAB" |
| Deobfuscated PowerShell | ript "=" "[System.Text.Encoding]::Unicode.GetString" ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $encodedScript |
| Deobfuscated PowerShell | ript "=" "[System.Text.Encoding]::Unicode.GetString" ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $encodedScript |
| Deobfuscated PowerShell | qaaqbvag4a $decodedscript = [system.text.encoding]::unicode.getstring([system.convert]::frombase64string($encodedscript)) invoke-expression $decode |
| Deobfuscated PowerShell | qaaqbvag4a $decodedscript = [Encoding]::"unicode"."getstring"([Convert]::"frombase64string"($encodedscript)) Invoke-Expression $decode |
| Deobfuscated PowerShell | qaaqbvag4a $decodedscript = [Encoding]::"unicode"."getstring"([Convert]::"frombase64string"($encodedscript)) Invoke-Expression $decode |
| Deobfuscated PowerShell | odedscript "=" "[System.Text.Encoding]::Unicode.GetString" ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $encod |
| Deobfuscated PowerShell | odedscript "=" "[System.Text.Encoding]::Unicode.GetString" ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $encod |
| Deobfuscated PowerShell | dedscript "=" "[System.Text.Encoding]::Unicode.GetString" ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $en |
| Deobfuscated PowerShell | dedscript "=" "[System.Text.Encoding]::Unicode.GetString" ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $en |
| Deobfuscated PowerShell | wpubwhuzm5rzg5hywqiciagicagicagicagih0kicagicagicbdciagicb9cl0kj0a7 invoke-expression ([system.text.encoding]::utf8.getstring([system.convert]::from |
| Deobfuscated PowerShell | wpubwhuzm5rzg5hywqiciagicagicagicagih0kicagicagicbdciagicb9cl0kj0a7 Invoke-Expression ([Encoding]::"utf8"."getstring"([Convert]::"from")) |
| Deobfuscated PowerShell | wpubwhuzm5rzg5hywqiciagicagicagicagih0kicagicagicbdciagicb9cl0kj0a7 Invoke-Expression ([Encoding]::"utf8"."getstring"([Convert]::"from")) |
| Deobfuscated PowerShell | zablagmacgb5ahaadablagqargb1ag4aywb0agkabwbuaa== $decodedscript = [system.text.encoding]::unicode.getstring([system.convert]::frombase64string($enco |
| Deobfuscated PowerShell | zablagmacgb5ahaadablagqargb1ag4aywb0agkabwbuaa== $decodedscript = [Encoding]::"unicode"."getstring"([Convert]::"frombase64string"($enco)) |
| Deobfuscated PowerShell | dedscript Invoke-Expression $decodedScript Start-Job -ScriptBlock your-lastfunction |
| Deobfuscated PowerShell | dedscript Invoke-Expression $decodedScript Start-Job -ScriptBlock "your-lastfunction" |
| Deobfuscated PowerShell | dedscript Invoke-Expression $decodedScript Start-Job -ScriptBlock "your-lastfunction" |
|
Name0 | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | oding]::unicode.getstring ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $encodedScript = "JABiAGEAcwBlADYANAB" Malicious |
WIN11.au3 > [Base64-Block] |
| Deobfuscated PowerShell | oding]::unicode.getstring ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $encodedScript = "JABiAGEAcwBlADYANAB" Malicious |
WIN11.au3 > [Base64-Block] > [Deobfuscated PS] |
| Deobfuscated PowerShell | ript "=" "[System.Text.Encoding]::Unicode.GetString" ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $encodedScript Malicious |
WIN11.au3 > [Base64-Block] |
| Deobfuscated PowerShell | ript "=" "[System.Text.Encoding]::Unicode.GetString" ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $encodedScript Malicious |
WIN11.au3 > [Base64-Block] > [Deobfuscated PS] |
| Deobfuscated PowerShell | qaaqbvag4a $decodedscript = [system.text.encoding]::unicode.getstring([system.convert]::frombase64string($encodedscript)) invoke-expression $decode Malicious |
WIN11.au3 > [Base64-Block] |
| Deobfuscated PowerShell | qaaqbvag4a $decodedscript = [Encoding]::"unicode"."getstring"([Convert]::"frombase64string"($encodedscript)) Invoke-Expression $decode Malicious |
WIN11.au3 > [Base64-Block] > [Deobfuscated PS] |
| Deobfuscated PowerShell | qaaqbvag4a $decodedscript = [Encoding]::"unicode"."getstring"([Convert]::"frombase64string"($encodedscript)) Invoke-Expression $decode Malicious |
WIN11.au3 > [Base64-Block] > [Deobfuscated PS] > [Deobfuscated PS] |
| Deobfuscated PowerShell | odedscript "=" "[System.Text.Encoding]::Unicode.GetString" ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $encod Malicious |
WIN11.au3 > [Base64-Block] |
| Deobfuscated PowerShell | odedscript "=" "[System.Text.Encoding]::Unicode.GetString" ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $encod Malicious |
WIN11.au3 > [Base64-Block] > [Deobfuscated PS] |
| Deobfuscated PowerShell | dedscript "=" "[System.Text.Encoding]::Unicode.GetString" ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $en Malicious |
WIN11.au3 > [Base64-Block] |
| Deobfuscated PowerShell | dedscript "=" "[System.Text.Encoding]::Unicode.GetString" ([Convert]::"FromBase64String"($encodedScript)) Invoke-Expression $decodedScript $en Malicious |
WIN11.au3 > [Base64-Block] > [Deobfuscated PS] |
| Deobfuscated PowerShell | wpubwhuzm5rzg5hywqiciagicagicagicagih0kicagicagicbdciagicb9cl0kj0a7 invoke-expression ([system.text.encoding]::utf8.getstring([system.convert]::from Malicious |
WIN11.au3 > [Base64-Block] |
| Deobfuscated PowerShell | wpubwhuzm5rzg5hywqiciagicagicagicagih0kicagicagicbdciagicb9cl0kj0a7 Invoke-Expression ([Encoding]::"utf8"."getstring"([Convert]::"from")) Malicious |
WIN11.au3 > [Base64-Block] > [Deobfuscated PS] |
| Deobfuscated PowerShell | wpubwhuzm5rzg5hywqiciagicagicagicagih0kicagicagicbdciagicb9cl0kj0a7 Invoke-Expression ([Encoding]::"utf8"."getstring"([Convert]::"from")) Malicious |
WIN11.au3 > [Base64-Block] > [Deobfuscated PS] > [Deobfuscated PS] |
| Deobfuscated PowerShell | zablagmacgb5ahaadablagqargb1ag4aywb0agkabwbuaa== $decodedscript = [system.text.encoding]::unicode.getstring([system.convert]::frombase64string($enco Malicious |
WIN11.au3 > [Base64-Block] |
| Deobfuscated PowerShell | zablagmacgb5ahaadablagqargb1ag4aywb0agkabwbuaa== $decodedscript = [Encoding]::"unicode"."getstring"([Convert]::"frombase64string"($enco)) Malicious |
WIN11.au3 > [Base64-Block] > [Deobfuscated PS] |
| Deobfuscated PowerShell | dedscript Invoke-Expression $decodedScript Start-Job -ScriptBlock your-lastfunction Malicious |
WIN11.au3 > [Base64-Block] |
| Deobfuscated PowerShell | dedscript Invoke-Expression $decodedScript Start-Job -ScriptBlock "your-lastfunction" Malicious |
WIN11.au3 > [Base64-Block] > [Deobfuscated PS] |
| Deobfuscated PowerShell | dedscript Invoke-Expression $decodedScript Start-Job -ScriptBlock "your-lastfunction" Malicious |
WIN11.au3 > [Base64-Block] > [Deobfuscated PS] > [Deobfuscated PS] |