Beyond good ol’ Run key, Part 76

April 22, 2018 in Anti-*, Autostart (Persistence)

Here’s yet another trick you can use to achieve persistence; this time the DLL of your choice will be loaded any time an old-school .chm file is opened. While documentation in this format is slowly disappearing from new programs, you can still find plenty of software that uses it.

To achieve persistence this way, one has to add the following Registry entry:

[HKEY_CURRENT_USER\Software\Microsoft\HtmlHelp Author]
"location"="c:\\test\\test.dll"
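
To check a host for this entry, the PowerShell audit below (an added example, not code from the original post) walks every user hive currently loaded under HKEY_USERS and reports the DLL that the "location" value points to, along with its Authenticode status and SHA-256. It assumes an elevated prompt so that other users' hives are readable; hives of logged-off users are not loaded and are not covered.

```powershell
# Added example: audit loaded user hives for the "HtmlHelp Author" location value.
# The key and value names come from the post; everything else is illustrative.
$subKey    = 'Software\Microsoft\HtmlHelp Author'
$valueName = 'location'

$findings = foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $sid = $hive.PSChildName

    # The <SID>_Classes hives map to HKCU\Software\Classes and cannot hold this key.
    if ($sid -like '*_Classes') { continue }

    $keyPath = "Registry::HKEY_USERS\$sid\$subKey"
    $prop = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if (-not $prop) { continue }   # key or value absent for this user

    # Report the value exactly as stored; do not load or execute the file.
    $dll    = [string]$prop.$valueName
    $exists = Test-Path -LiteralPath $dll -PathType Leaf

    $sigStatus = 'n/a'
    $sha256    = 'n/a'
    if ($exists) {
        $sigStatus = (Get-AuthenticodeSignature -LiteralPath $dll).Status
        $sha256    = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
    }

    [pscustomobject]@{
        Sid        = $sid
        RegistryKey = "HKU\$sid\$subKey"
        Location   = $dll
        FileExists = $exists
        Signature  = $sigStatus
        SHA256     = $sha256
    }
}

if ($findings) {
    $findings | Format-List
} else {
    Write-Output "No '$valueName' value found under '$subKey' in any loaded user hive."
}
```

An entry whose file is missing is still worth recording, since the value alone shows the key was written.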