Malicious
Characteristics
Hash | Hash Value |
---|---|
MD5 | deaff9ee7db8fc1eebfb3991e58721fe |
Sha1 | dfb9b1b58bdee65142c1bd150448f6797773a228 |
Sha256 | 28adff809baac70a406306824a50283b2d76b1ad160b806d12d1b4d5c9ea0aec |
Sha384 | 5229a1e9cb59410929c174e73cc6ba8549b00b78b0423f820fa869d893b3a3d77085f52c3a11bbfa61d9ced0d0b82e00 |
Sha512 | b07cb50ac6ad7793c52c77d38915203891efc7a492f6ed01e2051f18f65ba5570932dd61d01a54947be7bdf0880d92fe61fa289be07f8a1db5dc4aca2de5075d |
SSDeep | 49152:wzyp1A7BjgNgd1jd+Wi5AheI9e1XPRAF2xVKS4c/5mt/Rcw6YCbipnbQM2ISVg+p:Z |
TLSH | 9516A72029EF501EB3B3AEAD4BD4B9AF995EF773260B64B9207103464323942DDD1739 |
File Structure
28ADFF809BAAC70A406306824A50283B2D76B1AD160B806D12D1B4D5C9EA0AEC.ps1
Contains Base64 Block
Base64 Block
Base64 Payload
PowerShell
DeObfuscated
RAT
zgRAT
Executable
PE (Portable Executable)
.Net Obfuscator
.Net Reactor
Malicious
[Base64-Block @0x000056CC]
Base64 Block
[Deobfuscated PS]
DeObfuscated
PowerShell
Contains Base64 Block
Base64 Block
Base64 Payload
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Contains Base64 Block
Base64 Block
Base64 Payload
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Contains Base64 Block
Base64 Block
Base64 Payload
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Contains Base64 Block
Base64 Block
Base64 Payload
Malicious
[Base64-Block]
Base64 Block
RAT
zgRAT
Executable
PE (Portable Executable)
Win 32 Exe
x86
.Net Obfuscator
.Net Reactor
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
28ADFF809BAAC70A406306824A50283B2D76B1AD160B806D12D1B4D5C9EA0AEC.ps1 (4.2 MB)
Characteristics
No malware configuration was found at this point.