diff --git a/modules/signatures/powershell_command.py b/modules/signatures/powershell_command.py
index e8ae0a5fa..d7c952b01 100644
--- a/modules/signatures/powershell_command.py
+++ b/modules/signatures/powershell_command.py
@@ -87,17 +87,31 @@ def run(self):
                 if "-e " in lower or "/e " in lower or "-en " in lower or "/en " in lower or "-enc" in lower or "/enc" in lower:
                     b64strings = re.findall(r'[-\/][eE][nNcCoOdDeEmMaA]{0,13}\ (\S+)', cmdline)
                     for b64string in b64strings:
+                        b64 = True
                         encoded = str(b64string)
-                        if re.match('^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$', encoded):
+                        try:
+                            base64.b64decode(encoded)
+                        except binascii.Error:
+                            b64 = False
+                        if b64:
                             decoded = base64.b64decode(encoded)
+                            if "\\x00" in decoded:
+                                decoded = base64.b64decode(encoded).decode('UTF-16') 
                             self.data.append({"decoded_base64_string" : convert_to_printable(decoded)})
 
                 if "frombase64string(" in lower:
                     b64strings = re.findall(r'[fF][rR][oO][mM][bB][aA][sS][eE]64[sS][tT][rR][iI][nN][gG]\([\"\'](\S+)[\"\']\)', cmdline)
                     for b64string in b64strings:
+                        b64 = True
                         encoded = str(b64string)
-                        if re.match('^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$', encoded):
+                        try:
+                            base64.b64decode(encoded)
+                        except binascii.Error:
+                            b64 = False
+                        if b64:
                             decoded = base64.b64decode(encoded)
+                            if "\\x00" in decoded:
+                                decoded = base64.b64decode(encoded).decode('UTF-16') 
                             self.data.append({"decoded_base64_string" : convert_to_printable(decoded)})
 
         return ret
@@ -166,6 +180,8 @@ def run(self):
                             ret = True
                             self.data.append({"command" : cmdline})
                             decoded = base64.b64decode(encoded)
+                            if "\\x00" in decoded:
+                                decoded = base64.b64decode(encoded).decode('UTF-16')
                             self.data.append({"decoded_base64_string" : convert_to_printable(decoded)})
 
                 if "frombase64string(" in lower:
@@ -176,6 +192,8 @@ def run(self):
                             ret = True
                             self.data.append({"command" : cmdline})
                             decoded = base64.b64decode(encoded)
+                            if "\\x00" in decoded:
+                                decoded = base64.b64decode(encoded).decode('UTF-16')
                             self.data.append({"decoded_base64_string" : convert_to_printable(decoded)})
 
         return ret