public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-29 13:42:18 +02:00
Code Issues Projects Releases Wiki Activity

Archiving off legacy LOLUtilz

Browse Source
This commit is contained in:
Wietze
2021-10-25 21:32:59 +01:00
parent 6df5ef310a
commit ca11578655
22 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
Archive-Old-Version/LOLUtilz/OtherBinaries/aswrundll.yml Normal file
View File

@@ -0,0 +1,20 @@
Name: aswrundll.exe
Description: This process is used by AVAST antivirus to run and execute any modules
Author: Eli Salem
Created: '2019-03-19'
Commands:
- Command: '"C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll"'
Description: Load and execute modules using aswrundll
Usecase: Execute malicious modules using aswrundll.exe
Category: Execute
Privileges: Any
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Full_Path:
- Path: 'C:\Program Files\Avast Software\Avast\aswrundll'
Code_Sample:
- Code: '["C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll" "C:\Users\module.dll"]'
Resources:
- Link: https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research
Acknowledgement:
- Person: Eli Salem
handle: 'https://www.linkedin.com/in/eli-salem-954728150'