Infdefaultinstall.md

UPDATE BOOKMARKS - PROJECT MOVED TO A DEDICATED PROJECT SITE. THIS SITE WILL NOT BE UPDATED ANYMORE, BUT WILL BE KEPT FOR HISTORICAL REASONS.

New site: https://github.com/LOLBAS-Project/LOLBAS Web portal: https://lolbas-project.github.io/

InfDefaultInstall.exe

• Functions: Execute

InfDefaultInstall.exe Infdefaultinstall.inf

Acknowledgements:

• Kyle Hanslovan - @kylehanslovan

Code sample:

• Infdefaultinstall.inf
• Infdefaultinstall_calc.sct

Resources:

• https://twitter.com/KyleHanslovan/status/911997635455852544
• https://gist.github.com/KyleHanslovan/5e0f00d331984c1fb5be32c40f3b265a
• https://blog.conscioushacker.io/index.php/2017/10/25/evading-microsofts-autoruns/

Full path:

c:\windows\system32\Infdefaultinstall.exe
c:\windows\sysWOW64\Infdefaultinstall.exe

Notes: Some specific details about the binary file.