infosecn1nja
/
LOLBAS
mirror of https://github.com/infosecn1nja/LOLBAS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
LOLBAS/OSLibraries/Shell32.md

676 B
Raw Blame History

Shell32.dll

  • Functions: Execute
rundll32.exe shell32.dll,Control_RunDLL payload.dll    

rundll32.exe shell32.dll,ShellExec_RunDLL beacon.exe    

rundll32.exe shell32.dll,ShellExec_RunDLLA beacon.exe

rundll32.exe shell32.dll,ShellExec_RunDLLW beacon.exe

rundll32.exe shell32.dll,ShellExecuteEx beacon.exe

Acknowledgements:

  • Pierre-Alexandre Braeken - @pabraeken (ShellExec_RunDLL)
  • Vincent Yiu - @vysecurity (ShellExec_RunDLLA, ShellExec_RunDLLW, ShellExecuteEx)

Code sample: *

Resources:

Full path:

c:\windows\system32\shell32.dll
c:\windows\sysWOW64\shell32.dll

Notes:

Detection: