[SANS ISC] Malicious Powershell using a Decoy Picture

I published the following diary on isc.sans.edu: “Malicious Powershell using a Decoy Picture”: I found another interesting piece of malicious PowerShell while hunting. The file size is 1.3MB and most of the file is a Base64-encoded PE file. You can immediately detect it by checking the first characters of

[The post [SANS ISC] Malicious Powershell using a Decoy Picture was first published on /dev/random]
