Command-line analyzer
Paste a suspicious command. Get deobfuscation, LOLBAS matching, and a shareable permalink — instantly.
Try an example
Encoding: Encoded PowerShell (UTF-16LE)
JAB prefix → UTF-16LE base64 — classic Lumma/Latrodectus loader pattern
Encoding: Gzip-compressed payload
H4sI prefix → gzip inside base64 — used by ClickFix and QakBot stages
Encoding: 2-layer: gzip → base64 (nested loader)
Outer gzip layer decompresses to a PS command containing a second base64 payload — 2 decode passes required
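The prefix checks and the two-pass decode described in the examples above, as an added Python example that is not the analyzer's own code. The function names, the 16-character token threshold and the benign sample command are assumptions constructed here.

```python
import base64, binascii, gzip, re, zlib

# Base64-looking runs; the 16-character floor (an assumption) skips ordinary words.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def decode_layer(token):
    """Decode one base64 token; return (label, text), or None if not recognised."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw[:2] == b"\x1f\x8b":  # gzip magic 1f 8b 08 encodes to "H4sI"
        try:
            return "gzip", gzip.decompress(raw).decode("utf-8", "replace")
        except (OSError, EOFError, zlib.error):
            return None
    # ASCII text in UTF-16LE has a zero in every odd byte: "$m" -> 24 00 6d 00 -> "JABt"
    if len(raw) >= 4 and len(raw) % 2 == 0 and not any(raw[1::2]):
        return "utf-16le", raw.decode("utf-16-le")
    return None

def peel(command, max_passes=5):
    """Decode nested payloads; return (layer labels in order, final text)."""
    layers, text = [], command
    for _ in range(max_passes):  # bounded so hostile nesting cannot loop forever
        for match in B64_RUN.finditer(text):
            hit = decode_layer(match.group(0))
            if hit:
                layers.append(hit[0])
                text = hit[1]
                break
        else:
            break  # no decodable token left
    return layers, text

# Constructed, benign sample mirroring the 2-layer case: a gzip-in-base64 outer
# layer whose contents are a PowerShell command with a UTF-16LE encoded payload.
INNER = base64.b64encode("$m = 'hello'; Write-Output $m".encode("utf-16-le")).decode()
STAGE = "powershell -NoProfile -EncodedCommand " + INNER
OUTER = base64.b64encode(gzip.compress(STAGE.encode())).decode()
SAMPLE = "powershell.exe -Command <constructed wrapper> " + OUTER

if __name__ == "__main__":
    print(peel(SAMPLE))
```

For untrusted input, cap the decompressed size before decoding, since a small gzip blob can expand to a very large buffer.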