Malicious
Characteristics
Hash
Hash Value
MD5
b516ec6c6b37618ad65080a063270ea4
Sha1
b9f25b21eccbcca77adb11a0e613d4eca4e38442
Sha256
22180919f562fb9f6e50d7f20b2eb3f94eb009c212b74b45cf77659fe8274d5b
Sha384
afbb2816ec7d7fc9eeee52fbb6089de5cf5b0232e44d031ddd426db4265661a6abaa527bafc6a4de84ef395116a98f8d
Sha512
c75f7f46c8579b23f786dacf4ef5668b11df07c8dfda692f0bde9bfc8f9332ad8953ea637a7e78be762feff3232fa2fe79efa48e87136cf98bb1a6aa1b27c9b6
SSDeep
768:ICrvbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO:DrvU
TLSH
3A540590D249A4FEC8DFF4F006152F643AA575F3B1D0C3B64A624B6369CBAC29F18176
b516ec6c6b37618ad65080a063270ea4 (304.44 KB)
No malware configuration was found at this point.
Artefacts
Name
Value
Location
Deobfuscated PowerShell

$ofuw873 ""

Malicious

b516ec6c6b37618ad65080a063270ea4 > LNK CommandLine > [PowerShell Command]

Deobfuscated PowerShell

$ofuw873

Malicious

b516ec6c6b37618ad65080a063270ea4 > LNK CommandLine > [Deobfuscated PS] > [PowerShell Command]

Deobfuscated PowerShell

$ofuw873 " IconLocation: %ProgramFiles%\\Google\\Chrome\\Application\\chrome.exe ExtraData: EnvironmentVariableDataBlock: headerBlockSize: 788 (0x314) BlockSignature: 0xA0000001 TargetAnsi: %windir%\system32\WindowsPowerShell\v1.0\powershell.exe TargetUnicode: %windir%\system32\WindowsPowerShell\v1.0\powershell.exe"

Malicious

b516ec6c6b37618ad65080a063270ea4 > [Lnk Summary] > [PowerShell Command]

Deobfuscated PowerShell

$ofuw873 iconlocation: "%ProgramFiles%\\Google\\Chrome\\Application\\chrome.exe" extradata: environmentvariabledatablock: headerblocksize: 788 788 blocksignature: "-1610612735" targetansi: "%windir%\system32\WindowsPowerShell\v1.0\powershell.exe" targetunicode: "%windir%\system32\WindowsPowerShell\v1.0\powershell.exe"

Malicious

b516ec6c6b37618ad65080a063270ea4 > [Lnk Summary] > [Deobfuscated PS] > [PowerShell Command]
