mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-26 14:59:03 +01:00
Merge pull request #29 from elisalem5389/master
Add aswrundll.exe non microsoft lolbin
This commit is contained in:
commit
8390246c37
20
yml/LOLUtilz/OtherBinaries/aswrundll.yml
Normal file
20
yml/LOLUtilz/OtherBinaries/aswrundll.yml
Normal file
@ -0,0 +1,20 @@
|
||||
Name: aswrundll.exe
|
||||
Description: This process is used by AVAST antivirus to run and execute any modules
|
||||
Author: Eli Salem
|
||||
Created: 19\03\2019
|
||||
Commands:
|
||||
- Command: "C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll"
|
||||
Description: Load and execute modules using aswrundll
|
||||
Usecase: Execute malicious modules using aswrundll.exe
|
||||
Category: Execute
|
||||
Privileges: Any
|
||||
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
|
||||
Full_Path:
|
||||
- Path: C:\Program Files\Avast Software\Avast\aswrundll
|
||||
Code_Sample:
|
||||
- Code: ["C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll" "C:\Users\module.dll"]
|
||||
Resources:
|
||||
- Link: https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research
|
||||
Acknowledgement:
|
||||
- Person: Eli Salem
|
||||
handle: https://www.linkedin.com/in/eli-salem-954728150
|
Loading…
Reference in New Issue
Block a user