I shot the sigverif.exe – the GUI-based LOLBin

April 27, 2018 in Living off the land, LOLBins

File Signature Verification has nothing to do with launching arbitrary applications, but this is a case similar to odbcad32.exe: GUI apps can sometimes be abused to produce undesired effects, ones that their authors most likely did not anticipate…

Time for the recipe.

So we launch sigverif.exe.

Then we go to Advanced settings by clicking the Advanced button, and we choose … the log file. And while we are at it, why shouldn’t we choose c:\windows\system32\calc.exe as the destination?
We then hit the View Log button, and voilà, Calculator is on the screen.
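The defender's view of the behaviour above, as an added example that is not part of the original post: it flags process-creation events whose parent is sigverif.exe. The event records are constructed Sysmon-style samples (Event ID 1), and the `EXPECTED_VIEWERS` allow-list is an assumption about what View Log should normally open.

```python
import json
import ntpath

# Constructed Sysmon-style records, one JSON object per line (not real telemetry).
SAMPLE_EVENTS = r'''
{"EventID": 1, "Image": "C:\\Windows\\System32\\calc.exe", "ParentImage": "C:\\Windows\\System32\\sigverif.exe", "User": "LAB\\alice"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\WINDOWS\\system32\\SIGVERIF.EXE", "User": "LAB\\bob"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\sigverif.exe", "ParentImage": "C:\\Windows\\explorer.exe", "User": "LAB\\alice"}
{"EventID": 3, "Image": "C:\\Windows\\System32\\sigverif.exe", "ParentImage": "", "User": "LAB\\alice"}
'''

# Assumption: a text viewer is the only child we expect from the View Log button.
EXPECTED_VIEWERS = {"notepad.exe"}


def basename(path):
    """Lower-cased file name of a Windows path, tolerating surrounding quotes."""
    return ntpath.basename(path.strip('"')).lower()


def find_sigverif_children(lines):
    """Return one finding per process created with sigverif.exe as its parent."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("EventID") != 1:  # only process-creation events
            continue
        if basename(event.get("ParentImage", "")) != "sigverif.exe":
            continue
        child = basename(event.get("Image", ""))
        severity = "info" if child in EXPECTED_VIEWERS else "high"
        findings.append({"child": event.get("Image", ""),
                         "user": event.get("User"),
                         "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_sigverif_children(SAMPLE_EVENTS.splitlines()):
        print(finding)
```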
