Powershell Malware

Primary Language: PowerShell. License: GNU General Public License v3.0 (GPL-3.0).

PSMalware

Purely-Powershell Malware.

Only caught by UAC.

Bypasses AV as of 2019.

Malware Rough Breakdown

Includes

  • Bypass
  • Registry Alterations
  • Persistence
  • Event Clears
  • Encoding
  • Compression
  • Splitting
  • String formatting

Version 1

  • Runs only on host computer.
  • Kills execution within a VM.
  • Payload: Stop-Computer

Version 2

  • Allows VM execution.
  • Includes 3 execution halts (pauses) to make reversing easier.
  • More obfuscation, encoding, string formats.
  • Payload: Stop-Computer