security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1663bf7d524b6fc8a9a39104feb2949b36368dfc
atomic-red-team/atomics/T1196/calc.cpp
T
weev3 6e65bbd146 Add T1196(Control Panel Item) (#521) 
* Add test for T1196 that pops calc.exe

* calc.cpl

* Rename T1196.md to T1196.yaml

* Create calc.cpp
2019-08-28 08:53:05 -06:00

13 lines
254 B
C++
Raw Blame History

#include <stdio.h>
#include <Windows.h>
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID
lpReserved)
{
// malicious code
if (ul_reason_for_call == DLL_PROCESS_ATTACH)
system("c:\\windows\\system32\\calc.exe");
return 0;
}
Reference in New Issue View Git Blame Copy Permalink