~/ cat Ieadvpack.dll.md █
INF installer for Internet Explorer. Has much of the same functionality as advpack.dll.
Paths:
c:\windows\system32\ieadvpack.dll
c:\windows\syswow64\ieadvpack.dll
Detection:
AWL bypass
Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (section name specified).
rundll32.exe ieadvpack.dll,LaunchINFSection c:\test.inf,DefaultInstall_SingleUser,1,
Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (DefaultInstall section implied).
rundll32.exe ieadvpack.dll,LaunchINFSection c:\test.inf,,1,
Execute
Launch a DLL payload by calling the RegisterOCX function.
rundll32.exe ieadvpack.dll,RegisterOCX test.dll
Launch an executable by calling the RegisterOCX function.
rundll32.exe ieadvpack.dll,RegisterOCX calc.exe
Launch command line by calling the RegisterOCX function.
rundll32 ieadvpack.dll, RegisterOCX "cmd.exe /c calc.exe"