LOLBAS/Zipfldr.md
2018-09-16 08:04:36 -04:00

844 B

name description functions resources fullpath notes
zipfldr.dll Compressed Folder library
execute
description code
Launch an executable payload by calling RouteTheCall. rundll32.exe zipfldr.dll,RouteTheCall calc.exe
description code
Launch an executable payload by calling RouteTheCall (obfuscated). rundll32.exe zipfldr.dll,RouteTheCall file://^C^:^/^W^i^n^d^o^w^s^/^s^y^s^t^e^m^3^2^/^c^a^l^c^.^e^x^e
resource
https://twitter.com/moriarty_meng/status/977848311603380224
resource
https://twitter.com/bohops/status/997896811904929792
resource
https://windows10dll.nirsoft.net/zipfldr_dll.html
path
c:\windows\system32\zipfldr.dll
path
c:\windows\syswow64\zipfldr.dll
Thanks to Moriarty - @moriarty_meng (Execute), r0lan - @yeyint_mth (Obfuscation)