PS2EXE icon indicating copy to clipboard operation
PS2EXE copied to clipboard

Published 20 hours ago verified publisher icon rzander

ps2exe.azurewebsites.net Flagged as virus/malware

Open thmmsn opened this issue 3 years ago • 1 comments

Hi. Couldn't find any issues reported here on GH, but several on reddit...

Tested your web app today and Defender for Business reported the exported .exe as malware. A scan on https://virustotal.com detected malicious code.

The following link contains a simple script containing only the command Copy-Item https://www.virustotal.com/gui/file/e1cd98fe2ef47cd1f8bf0e396eef2cbe6b7de8234d9a89573c200952bc208232/detection

https://www.reddit.com/r/PowerShell/comments/s2h6f1/powershell_script_converted_to_scriptexe_anti/

thmmsn avatar Feb 20 '22 15:02 thmmsn

An unsigned executable that runs Base64 encoded powershell code is suspicious... Nothing to add. Try to sign the executable and check if its still reported...

rzander avatar Feb 21 '22 20:02 rzander

More probable than not, this is a trojan, it drops files and checks language settings. Has that baked in Russian malware

connor33341 avatar Aug 02 '24 23:08 connor33341

The tool is OpenSource, you can check the code and compile your own instance if you do not trust the published instance...

rzander avatar Aug 03 '24 07:08 rzander