|
Hash | Hash Value |
|---|---|
| MD5 | a410106c6ff4e9821b3dfd5ee5da9492
|
| Sha1 | 749206962d68fd80d5485477b90e8e9c31d5f3a4
|
| Sha256 | 0ed61e662938f8314c4604036665c8ebc165d296def4bd8fe2f11dd9b0edf6e7
|
| Sha384 | b400916e24b5c7ba7f6cb9e08693266e7d9f972c31443de2f1ddbb34e0e6b1f0f318465ddd4faa4dc788fa1d04ab596c
|
| Sha512 | 1f3c4e557e71955abf70ea856d98ef489c009600ff4c41a954673e9118d75a62caaa385fad186e1ae9e7a3032f45831568afe9507bb7affa15f64a5a94ef24fe
|
| SSDeep | 49152:3hZLUvzmL/84Oq4ipu8O/vsEjg6o2otZ6+BhNB7mxx1yt0JEZEDS/wbVCNoO9xfo:y
|
| TLSH | 04E5AE06EE1409DCCEE04E57F8A8724E2BA8540F06A2D4DDF11DED452FFB51E7A631A2
|
|
Name0 | Value |
|---|---|
| Deobfuscated PowerShell | powershell "Script" dim @("CmdLine", "oExec", "startTime", "CurrentTime", "Timeoutsec") dim @("owmi", "processList", "processItem") cmdline "=" "powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -NonInteractive -NoLogo -File "" & scriptpath & """ set "oExec" "=" "OShell.Exec" (cmdline) starttime "=" "Timer" timeoutsec "=" 30 |
| Deobfuscated PowerShell | "Script" dim @("CmdLine", "oExec", "startTime", "CurrentTime", "Timeoutsec") dim @("owmi", "processList", "processItem") cmdline "=" "powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -NonInteractive -NoLogo -File " & scriptpath & "" set "oExec" "=" "OShell.Exec" (cmdline) starttime "=" "Timer" timeoutsec "=" 30 |
| Deobfuscated PowerShell | scriptpath & "" set "oExec" "=" "OShell.Exec" (cmdline) starttime "=" "Timer" timeoutsec "=" 30 |
| Deobfuscated PowerShell | scriptpath & "" set " oexec = oshell.exec (cmdline) starttime = timer timeoutsec = 30 |
|
Name0 | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | powershell "Script" dim @("CmdLine", "oExec", "startTime", "CurrentTime", "Timeoutsec") dim @("owmi", "processList", "processItem") cmdline "=" "powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -NonInteractive -NoLogo -File "" & scriptpath & """ set "oExec" "=" "OShell.Exec" (cmdline) starttime "=" "Timer" timeoutsec "=" 30 Malicious |
a410106c6ff4e9821b3dfd5ee5da9492 > [PowerShell Command] > [PowerShell Command].deobfuscated.vbs > [PowerShell Command] |
| Deobfuscated PowerShell | "Script" dim @("CmdLine", "oExec", "startTime", "CurrentTime", "Timeoutsec") dim @("owmi", "processList", "processItem") cmdline "=" "powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -NonInteractive -NoLogo -File " & scriptpath & "" set "oExec" "=" "OShell.Exec" (cmdline) starttime "=" "Timer" timeoutsec "=" 30 Malicious |
a410106c6ff4e9821b3dfd5ee5da9492 > [PowerShell Command] > [PowerShell Command].deobfuscated.vbs > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] |
| Deobfuscated PowerShell | scriptpath & "" set "oExec" "=" "OShell.Exec" (cmdline) starttime "=" "Timer" timeoutsec "=" 30 Malicious |
a410106c6ff4e9821b3dfd5ee5da9492 > [PowerShell Command] > [PowerShell Command].deobfuscated.vbs > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] |
| Deobfuscated PowerShell | scriptpath & "" set " oexec = oshell.exec (cmdline) starttime = timer timeoutsec = 30 Malicious |
a410106c6ff4e9821b3dfd5ee5da9492 > [PowerShell Command] > [PowerShell Command].deobfuscated.vbs > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [PowerShell Command] |