Tag: ServHelper 2.0

ServHelper 2.0: Enriched with bot capabilities and remote desktop access

The SonicWall RTDMI™ engine has recently detected a Nullsoft Scriptable Install System (NSIS) compiled executable file which executes a new variant of the ServHelper malware as its final payload. The NSIS binary contains a PowerShell script which, on execution, brings in another PowerShell script. The second-level PowerShell script is responsible for checking and setting the execution environment for […]