Is openssh.ps1 Malware?

Recently I downloaded a Windows 10 VM from Microsoft’s site. Today, in the c:\ drive, I saw a folder named BGinfo, which I know I had not created.

After opening it, I saw two files:


In the openssh.ps1 file I found a URL:


After accessing the URL, an SSH setup executable file downloaded. After searching the URL in VirusTotal, the result shows that 2 AVs out of 62 detected it as malware.

During the investigation I found that a BGinfo program had been added to the startup programs. (I disabled it later.)


SSH was also installed on the server, and services were running in Task Scheduler.

I ran procmon and netmon to analyze the behavior. I did not find any unusual activity, calls or traffic to or from a remote server, and did not find any process or executable running in the background.

During the analysis I did not run this PowerShell script.
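
The checks described in this post can be repeated read-only from PowerShell, as an added example that is not part of the original post: it reads the script as text without running it, then lists startup entries, scheduled tasks, services and listening sockets that mention BGinfo or SSH. The path `C:\BGinfo\openssh.ps1` and the `bginfo|ssh` match pattern are assumptions based on the names in the post.

```powershell
# Added example: read-only triage; nothing in the script under review is executed.
# Assumption: the path combines the folder and file name mentioned in the post.
$ScriptPath = 'C:\BGinfo\openssh.ps1'
$Pattern    = 'bginfo|ssh'   # assumed keyword filter, adjust as needed

# 1. Hash the script and pull out every URL it references (file is read as text only).
$hash = (Get-FileHash -LiteralPath $ScriptPath -Algorithm SHA256).Hash
$text = Get-Content -LiteralPath $ScriptPath -Raw
$urls = [regex]::Matches($text, 'https?://[^\s''"<>)]+') |
    ForEach-Object { $_.Value } | Sort-Object -Unique
"SHA256: $hash"
"URLs referenced by the script:"
$urls

# 2. Startup entries (Run keys and Startup folders) that mention BGinfo or SSH.
Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Command -match $Pattern -or $_.Name -match $Pattern } |
    Select-Object Name, Command, Location, User

# 3. Scheduled tasks whose name or action references BGinfo or SSH.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # Non-exec action types have no Execute/Arguments; those expand to empty strings.
        $line = "$($action.Execute) $($action.Arguments)"
        if ($task.TaskName -match $Pattern -or $line -match $Pattern) {
            [pscustomobject]@{
                Task   = $task.TaskPath + $task.TaskName
                State  = $task.State
                Action = $line.Trim()
            }
        }
    }
}

# 4. SSH-related services with their binary path, start mode and account.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -match 'ssh' -or $_.PathName -match 'ssh' } |
    Select-Object Name, State, StartMode, StartName, PathName

# 5. Listening TCP sockets owned by any process whose name contains "ssh".
$sshPids = (Get-Process | Where-Object { $_.ProcessName -match 'ssh' }).Id
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $sshPids -contains $_.OwningProcess } |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

The SHA256 value and the extracted URLs can be looked up in VirusTotal without downloading or running anything.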

VirusTotal –  [Link here]
