public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-26 06:49:09 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #29 from elisalem5389/master

Browse Source 
Add aswrundll.exe non microsoft lolbin
This commit is contained in:
Oddvar Moe 2019-04-03 23:36:37 +02:00 committed by GitHub
commit 8390246c37
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
yml/LOLUtilz/OtherBinaries/aswrundll.yml Normal file
View File

@ -0,0 +1,20 @@
Name: aswrundll.exe
Description: This process is used by AVAST antivirus to run and execute any modules
Author: Eli Salem
Created: 19\03\2019
Commands:
- Command: "C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll"
Description: Load and execute modules using aswrundll
Usecase: Execute malicious modules using aswrundll.exe
Category: Execute
Privileges: Any
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Full_Path:
- Path: C:\Program Files\Avast Software\Avast\aswrundll
Code_Sample:
- Code: ["C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll" "C:\Users\module.dll"]
Resources:
- Link: https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research
Acknowledgement:
- Person: Eli Salem
handle: https://www.linkedin.com/in/eli-salem-954728150