Sitting on the Lolbins, 11

August 31, 2019 in Anti-Forensics, Living off the land, LOLBins, Reusigned Binaries

A programmer who wrote a lolbin I presented previously is probably the same coder that wrote another program for Dell – an application called Dell WebUpdater Executable.

As in the previous example, one needs to create a DLL whose name is the file name of the main lolbin-ish executable (without its extension) suffixed with wupd.dll, e.g. testwupd.dll for test.exe.

Verified:       Signed
Signing date:   04:38 2008-02-25
Publisher:      Dell Inc.
Company:        n/a
Description:    Dell WebUpdater Executable
Product:        Dell WebUpdater
Prod version:   1.95.0.0
File version:   1.95.0.0
MachineType:    32-bit

Sample: 6FBD2979F6E8E7AE0A85AB20DADC7BD1BC70AD2F76B399F3CD287AE8D1B06BFE
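
The naming rule above gives defenders a rename-proof hunting key: whatever the signed executable is called, the module it pulls in is its own file stem plus wupd.dll. The following is an added example, not code from the original post or from Dell. It assumes records carrying the Sysmon Event ID 7 (image loaded) fields Image, ImageLoaded and SignatureStatus; the function names, the severity labels and the sample events are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any host OS

SUFFIX = "wupd.dll"  # companion-DLL suffix given in the post


def expected_companion(image_path):
    """test.exe -> testwupd.dll (lower-cased; Windows names are case-insensitive)."""
    stem, _ext = ntpath.splitext(ntpath.basename(image_path))
    return (stem + SUFFIX).lower()


def triage_image_loads(events):
    """Return (severity, event) for loads whose module name is <exe stem>wupd.dll.

    Matching on the exe/DLL name relationship instead of a fixed file name
    keeps the rule effective when the signed executable has been renamed.
    """
    findings = []
    for ev in events:
        module = ntpath.basename(ev["ImageLoaded"]).lower()
        if module != expected_companion(ev["Image"]):
            continue
        # Assumption: a companion DLL without a valid signature is the priority case.
        severity = "review" if ev.get("SignatureStatus") == "Valid" else "high"
        findings.append((severity, ev))
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\Public\test.exe",
     "ImageLoaded": r"C:\Users\Public\testwupd.dll",
     "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Users\Public\test.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "SignatureStatus": "Valid"},
    {"Image": r"C:\Tools\Report.EXE",
     "ImageLoaded": r"c:\tools\reportWUPD.DLL",
     "SignatureStatus": "Valid"},
    {"Image": r"C:\Apps\foo.exe",
     "ImageLoaded": r"C:\Apps\barwupd.dll",
     "SignatureStatus": "Unavailable"},
]

if __name__ == "__main__":
    for severity, ev in triage_image_loads(SAMPLE_EVENTS):
        print(severity, ev["Image"], "->", ev["ImageLoaded"])
```

Pairing a hit with the Description value shown above (Dell WebUpdater Executable) from the process's own version information confirms that the loading process is this binary and not an unrelated program that happens to follow the same naming.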
