Skip to content

Instantly share code, notes, and snippets.

@beemparthiban

beemparthiban/Commonly abused DLL's for side-loading attack

Created November 28, 2022 20:41
Show Gist options
  • Save beemparthiban/41b1c881a171707da0297fe50c01db4a to your computer and use it in GitHub Desktop.
Save beemparthiban/41b1c881a171707da0297fe50c01db4a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Commonly abused DLL's for side-loading attack
rzlog4cpp.dll --> Razor application, DateCheck.exe
libvlc.dll --> VLC Media Player application vlc.exe
ciscosparklauncher.dll --> ciscocollabhost.exe
RzLog4CPP_Logger.dll --> Netsky.exe, a Razer Chromium Render Process
version.dll --> msbuild.exe
SYSMSRV.dll --> smstore.exe
@beemparthiban
Copy link
Author

Good VT hunting query to detect sideloaded DLLs is below,

tag:pedll p:2+ (name="rzlog4cpp.dll" OR name="libvlc.dll" OR name="ciscosparklauncher.dll" OR name="RzLog4CPP_Logger.dll" OR name="SYSMSRV.dll")

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment