Top issues
Problem
Software components contain executable code that performs actions implemented during its development. These actions are called behaviors. In the analysis report, behaviors are presented as human-readable descriptions that best match the underlying code intent. While most behaviors are benign, some are commonly abused by malicious software with the intent to cause harm. When a software package shares behavior traits with malicious software, it may become flagged by security solutions. Any detection from security solutions can cause friction for the end-users during software deployment. While the behavior is likely intended by the developer, there is a small chance this detection is true positive, and an early indication of a software supply chain attack.Prevalence in PowerShell Gallery community
13 packages
found in
Top 100
179 packages
found in
Top 1k
969 packages
found in
Top 10k
1540 packages
in community
Next steps
Investigate reported detections.
If the software intent does not relate to the reported behavior, investigate your build and release environment for software supply chain compromise.
You should delay the software release until the investigation is completed, or until the issue is risk accepted.
Consider rewriting the flagged code without using the marked behaviors.
Problem
Obfuscation is a process of mangling the software code legibility. Obfuscation can be applied to both the application source and its compiled code counterpart. In both cases, obfuscation can interfere with the accuracy of security and software quality assessment solutions. For this reason, obfuscation is a technique commonly used by malicious actors as a means of bypassing security solutions and avoiding detection. While presence of obfuscation does not imply malicious intent, all of its uses in a software package should be documented and approved. One example of acceptable use for code obfuscation is minimizing the size of script files that are not intended to be read by humans. In such a case, the trade-off between file size and code legibility is considered acceptable.Prevalence in PowerShell Gallery community
0 packages
found in
Top 100
6 packages
found in
Top 1k
39 packages
found in
Top 10k
59 packages
in community
Next steps
Investigate reported detections as indicators of software tampering.
Consult Mitre ATT&CK documentation: T1027 - Obfuscated Files or Information.
Consider an alternative to code obfuscation to lower the risk of being mistakenly flagged by security solutions.
Top behaviors
Loads additional snap-ins or modules to the current session.
payload
Prevalence in PowerShell Gallery community
Behavior often found in this community (Common)
90 packages
found in
Top 100
509 packages
found in
Top 1k
3113 packages
found in
Top 10k
5185 packages
in community
Invokes commands obfuscated by format string permutations.
execution
Prevalence in PowerShell Gallery community
Behavior commonly used by malicious software (Important)
Behavior uncommon for this community (Uncommon)
0 packages
found in
Top 100
0 packages
found in
Top 1k
3 packages
found in
Top 10k
3 packages
in community
Interacts with Microsoft .NET Framework code, types and assemblies.
execution
Prevalence in PowerShell Gallery community
Behavior often found in this community (Common)
100 packages
found in
Top 100
804 packages
found in
Top 1k
6518 packages
found in
Top 10k
11726 packages
in community
Executes Pester tests for Windows PowerShell.
execution
Prevalence in PowerShell Gallery community
Behavior often found in this community (Common)
6 packages
found in
Top 100
142 packages
found in
Top 1k
735 packages
found in
Top 10k
1176 packages
in community
Evaluates code dynamically.
execution
Prevalence in PowerShell Gallery community
Behavior often found in this community (Common)
53 packages
found in
Top 100
452 packages
found in
Top 1k
2940 packages
found in
Top 10k
4594 packages
in community
Top vulnerabilities
No vulnerabilities found.