General

  • Target

    CWindowsSysWOW64WindowsPowerShellv1.0.zip

  • Size

    390KB

  • MD5

    72208c9824a0905eea78504bf5548f3f

  • SHA1

    e012154db658386640ea258b40669cef453f76d0

  • SHA256

    bcbbc75f0392d1ff67305d49fdf9be5e336fbc3ab8efb9692d11d59b284b4bcb

  • SHA512

    6ae58ba22057b05580f78ba7abc5bc1317cc002e28a5763fcfb154e9bc92d274bd13ef4e7ff5610e1d22e72f007450b50780f2dc7ecd5c66a9458971c0fcc613

  • SSDEEP

    12288:/ajN1wx+1Bl/kpck0hcMgdFsxQPxnKsoiL5qI/WciB:ijXrZ/IcnhEs2lKsouDecs

Score
3/10

Malware Config

Signatures

  • Unsigned PE (5 IoCs)

    Checks for missing Authenticode signature.

Files

  • CWindowsSysWOW64WindowsPowerShellv1.0.zip
    .zip
  • Certificate.format.ps1xml
  • Diagnostics.Format.ps1xml
  • DotNetTypes.format.ps1xml
    .xml
  • Event.Format.ps1xml
  • FileSystem.format.ps1xml
  • Help.format.ps1xml
    .ps1
  • HelpV3.format.ps1xml
    .xml
  • PSEvents.dll
    .dll windows:10 windows x86 arch:x86



  • PowerShellCore.format.ps1xml
    .ps1
  • PowerShellTrace.format.ps1xml
  • Registry.format.ps1xml
  • WSMan.Format.ps1xml
  • getevent.types.ps1xml
    .ps1
  • powershell.exe
    .exe windows:10 windows x86 arch:x86

    9f91c97560360686d37b0e311bb8bd64



  • powershell.exe.config
  • powershell_ise.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744



  • powershell_ise.exe.config
    .xml
  • pspluginwkr.dll
    .dll windows:6 windows x86 arch:x86

    42e96c9d6b7177141016b69f4c2c69aa



  • pwrshmsg.dll
    .dll windows:10 windows x86 arch:x86



  • types.ps1xml
    .ps1
  • typesv3.ps1xml