diff --git a/data/exploits/mysql/lib_mysqludf_sys_32.dll b/data/exploits/mysql/lib_mysqludf_sys_32.dll index 0ea90105d4..2a3ef0e056 100755 Binary files a/data/exploits/mysql/lib_mysqludf_sys_32.dll and b/data/exploits/mysql/lib_mysqludf_sys_32.dll differ diff --git a/data/exploits/mysql/lib_mysqludf_sys_64.dll b/data/exploits/mysql/lib_mysqludf_sys_64.dll index 3de734fc9f..773af57df3 100755 Binary files a/data/exploits/mysql/lib_mysqludf_sys_64.dll and b/data/exploits/mysql/lib_mysqludf_sys_64.dll differ diff --git a/documentation/modules/exploit/multi/mysql/mysql_udf_payload.md b/documentation/modules/exploit/multi/mysql/mysql_udf_payload.md index 6c2bbd2321..d5a0823794 100644 --- a/documentation/modules/exploit/multi/mysql/mysql_udf_payload.md +++ b/documentation/modules/exploit/multi/mysql/mysql_udf_payload.md @@ -1,6 +1,10 @@ ## Vulnerable Application This vulnerability expoits mysql by adding a .so or .dll file which has a system call in it to the plugins folder. +The Windows dll files are provided by [@stamparm](https://github.com/stamparm) of the sqlmap project and are +located [here](https://github.com/rapid7/metasploit-framework/files/1879611/mysql_udf_libs.zip). As noted +in [#9677](https://github.com/rapid7/metasploit-framework/issues/9677#issuecomment-378893925) these are 'de-cloaked' versions, +which may attract AV attention. The file is then loaded by mysql, and arbitrary commands can be run. There are several caveats for this to function however, including: 1. `secure_file_priv`, a mysql setting, must be changed from the default to allow writing
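Review bot: the two replaced binaries, `data/exploits/mysql/lib_mysqludf_sys_32.dll` and `lib_mysqludf_sys_64.dll`, show only as "Binary files ... differ", so nothing in this patch ties the committed bytes to the archive that the documentation links to. Record a SHA-256 for each DLL in the commit message or next to the link in `mysql_udf_payload.md`, so a reader can check the committed files against the contents of `mysql_udf_libs.zip`.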
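Review bot: in `mysql_udf_payload.md` the four added lines sit between "...to the plugins folder." and "The file is then loaded by mysql...", so "The file" now reads as if it refers to the Windows DLLs or the zip rather than to the uploaded `.so`/`.dll`. Move the provenance note below the "loaded by mysql" sentence or into its own paragraph. The link text "here" should name the archive instead, and "'de-cloaked' versions, which may attract AV attention" needs a few words of explanation for readers who do not follow the #9677 link, since it affects whether the module will work against a host running AV. The unchanged context line also contains "expoits", which could be corrected in the same change.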