LOLBAS/yml/LOLUtilz/OtherBinaries/AcroRd32.yml

18 lines
534 B
YAML
Raw Normal View History

2018-06-09 00:15:06 +02:00
---
Name: AcroRd32.exe
Description: Execute
Author: ''
Created: 2018-05-25
2018-06-09 00:15:06 +02:00
Commands:
- Command: Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary
Description: Hijack RdrCEF.exe with a payload executable to launch when opening Adobe
Full_Path:
2018-06-09 00:15:06 +02:00
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\
Code_Sample: []
2018-06-09 00:15:06 +02:00
Detection: []
Resources:
- https://twitter.com/pabraeken/status/997997818362155008
2021-01-10 16:45:25 +01:00
Acknowledgement:
- Person: Pierre-Alexandre Braeken
Handle: '@pabraeken'