Run Lola-bin, run…

February 13, 2020 in Anti-Forensics, Living off the land, LOLBins

@bohops described an interesting way to load COM objects via rundll32 using a lesser-known command-line argument, ‘-sta’, in two posts back in 2018.

In this post I document one more rundll32.exe command-line argument that is also not well known: ‘-localserver’.

To test it you need to register a COM object that points to c:\test\test.dll:

Windows Registry Editor Version 5.00

and then run:

rundll32.exe -localserver 01234567-0123-0123-0123-0123456789ab
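For defenders, this invocation is visible in process-creation telemetry. The following is an added example, not code from the original post: a Python check that flags rundll32 command lines carrying the ‘-sta’ or ‘-localserver’ switch and extracts the COM identifier that follows. Case-insensitive switch matching, optional braces around the CLSID, and every sample command line other than the one shown above are assumptions.

```python
import re
import shlex

# Switches named in the post; compared case-insensitively (assumption, errs toward reporting).
COM_SWITCHES = {"-sta", "-localserver"}
# CLSID shape, with or without surrounding braces (braces are an assumption).
CLSID_RE = re.compile(r"^\{?[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?$")

def check_cmdline(cmdline):
    """Return a finding dict for rundll32 run with a COM-loading switch, else None."""
    try:
        # posix=False keeps Windows backslashes intact; quotes stay on the tokens.
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:
        tokens = cmdline.split()  # unbalanced quotes: fall back to whitespace split
    tokens = [t.strip('"') for t in tokens]
    if not tokens:
        return None
    image = re.split(r"[\\/]", tokens[0])[-1].lower()
    if image not in ("rundll32", "rundll32.exe"):
        return None
    # Any argument position is checked, so unusual orderings are still reported.
    for i, tok in enumerate(tokens[1:], start=1):
        if tok.lower() in COM_SWITCHES:
            target = tokens[i + 1] if i + 1 < len(tokens) else ""
            return {"switch": tok.lower(), "target": target,
                    "is_clsid": bool(CLSID_RE.match(target))}
    return None

def scan(cmdlines):
    """Return (cmdline, finding) pairs for every flagged command line."""
    hits = []
    for line in cmdlines:
        finding = check_cmdline(line)
        if finding:
            hits.append((line, finding))
    return hits

# Constructed sample process-creation command lines; the first is the one from the post.
SAMPLES = [
    r'rundll32.exe -localserver 01234567-0123-0123-0123-0123456789ab',
    r'"C:\Windows\System32\rundll32.exe" -STA {01234567-0123-0123-0123-0123456789ab}',
    r'rundll32.exe shell32.dll,Control_RunDLL desk.cpl',
    r'notepad.exe -localserver.txt',
]

if __name__ == "__main__":
    for line, finding in scan(SAMPLES):
        print(finding["switch"], finding["target"], "<-", line)
```

A target that is not CLSID-shaped is still reported, with is_clsid set to False, so the analyst can decide how to resolve it.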
