exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 619 RSS Feed

Files from malvuln

Email addressprivate
Websitemalvuln.com
First Active2021-01-04
Last Active2022-06-24
View User Profile
Backdoor.Win32.InfecDoor.17.c MVID-2022-0614 Insecure Permissions
Posted Jun 24, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.InfecDoor.17.c malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
SHA-256 | 3d83874665d92c5753ea0f979739fbb96e5a47c3ff77657f79b68a13a96e6218
Trojan-Mailfinder.Win32.VB.p MVID-2022-0616 Insecure Permissions
Posted Jun 24, 2022
Authored by malvuln | Site malvuln.com

Trojan-Mailfinder.Win32.VB.p malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | eccb9f610544b46bcdf27fabac4f1f936099cd8c6b21232d4171889d289f6dd4
Backdoor.Win32.Shark.btu MVID-2022-0615 Insecure Permissions
Posted Jun 24, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Shark.btu malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
SHA-256 | c655d4e022fcaf26fe0ab1bc5057626705455cfc787337ad8df95d9c1fca1f2f
Yashma Ransomware Builder 1.2 MVID-2022-0613 Insecure Permissions
Posted Jun 24, 2022
Authored by malvuln | Site malvuln.com

Yashma Ransomware Builder version 1.2 malware suffers from an insecure permissions vulnerability.

tags | exploit
SHA-256 | 2958cbdc74819764ad9679c607c3aa49b36ad14d86fb437d927a14ccf2c14229
Backdoor.Win32.Cabrotor.10.d MVID-2022-0612 Remote Command Execution
Posted Jun 7, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Cabrotor.10.d malware suffers from an unauthenticated remote command execution vulnerability.

tags | exploit, remote
systems | windows
SHA-256 | 781c3249eb6aa36f7b01597bb27d91c8d79a40805368b694be3b50761acdfb32
Ransom.Haron MVID-2022-0609 Code Execution
Posted Jun 7, 2022
Authored by malvuln | Site malvuln.com

Haron ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 4c3fd7aa8206ada973c32667b4e1c84dafa3c4f12b1ffdcb9c827ee3274adf6c
Trojan-Proxy.Win32.Symbab.o MVID-2022-0610 Heap Corruption
Posted Jun 7, 2022
Authored by malvuln | Site malvuln.com

Trojan-Proxy.Win32.Symbab.o malware suffers from a heap corruption vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | d87eadfc59cb93da41ff57f425f1d203ea3db932253b3a8c23cde42e7b31c47c
Trojan-Banker.Win32.Banbra.cyt MVID-2022-0611 Insecure Permissions
Posted Jun 7, 2022
Authored by malvuln | Site malvuln.com

Trojan-Banker.Win32.Banbra.cyt malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | 59d78448228c37d3ef646c8d1875471e29b3ea9f4f7baf50d7b0322510692ded
Trojan-Banker.Win32.Banker.agzg MVID-2022-0608 Insecure Permissions
Posted Jun 7, 2022
Authored by malvuln | Site malvuln.com

Trojan-Banker.Win32.Banker.agzg malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | 1876a4e6434c2516144ce66e1f105fb0ab5f8cd4fd16271c066310d836f2d9c2
Trojan-Ransom.Thanos MVID-2022-0607 Code Execution
Posted May 17, 2022
Authored by malvuln | Site malvuln.com

Thanos ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 5533b7c50594024a4e1314f9732abe9064dda34616ffe16430cdf34c04e4c992
Ransom.Conti MVID-2022-0606 Code Execution
Posted May 16, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 416d676d2dba2bc714a0f32899777fc4ac6ccc2dee1d321fbce06785689158e1
Ransom.Conti MVID-2022-0605 Code Execution
Posted May 16, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | f795b475d29adfdf8b620a90005e0f383bdd74c416a7b0a03d67e03d43a0cbc0
Ransom.Conti MVID-2022-0604 Code Execution
Posted May 16, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 4d905cb2862459d4fecc48e165734150e7824debee83563d1c97370c68c37f49
Ransom.Conti MVID-2022-0603 Code Execution
Posted May 16, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 0ce9d83fdb3abb054ddf70fa9d218732ae0b6e0c7a630b1391d656e794fc6b19
Ransom.Conti MVID-2022-0602 Code Execution
Posted May 16, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 9ba5c2eaaec9a657238330273ff40e343857a13f4d7407516463e0e13b810726
Ransom.Conti MVID-2022-0601 Code Execution
Posted May 16, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 5f702738bda0d77ea713340e950f9f2bd08db678fa6f2ebafafefa803ec45bc0
Ransom.REvil MVID-2022-0600 Code Execution
Posted May 12, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 523695a11b3ac263c4750ad26a0863bafd1277bc8d7ee5e5f09039a4c903c94c
Ransom.REvil MVID-2022-0599 Code Execution
Posted May 12, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | c812238e5aec810b86cabbd3dbd8ea70c29dd0b071934148238665f8001da715
Ransom.REvil MVID-2022-0598 Code Execution
Posted May 12, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | aa6d045f0425bce26082463e9007553e34835ed1462eb3775f23793b2efde0b9
Ransom.REvil MVID-2022-0597 Code Execution
Posted May 12, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | e50e0f8dd0340a49a1f263f8304a8f67e25520134dc09f97a203083bb23437ee
Ransom.REvil MVID-2022-0595 Code Execution
Posted May 12, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 4c448e0e5a0914fcc57d5d435b52042feff16ca95bf5c04fea342caeb1515eac
Ransom.REvil MVID-2022-0596 Code Execution
Posted May 12, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 0cfd4ed7809eaa6bf784adff2f043dc32b8327dd12669f01b586f7bbc080223c
APT28 MVID-2022-0594 FancyBear Code Execution
Posted May 9, 2022
Authored by malvuln | Site malvuln.com

FancyBear looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 6c9b981fb52c57e5101af2cf1b3b81f816bca03e29ff6f1e4765d923fb513d91
Ransom.Satana MVID-2022-0593 Code Execution
Posted May 9, 2022
Authored by malvuln | Site malvuln.com

Satana ransomware searches for and loads a DLL named "wow64log.dll" in Windows\System32. Therefore, we can drop our own DLL to intercept and terminate the malware pre-encryption. The exploit DLL will simply display a Win32API message box and call exit(). The exploit DLL must export the "InterlockedExchange" function or it fails with an error. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 8e9fad2d0891098b240a5be94c33ac547f4a261cfbe5fc26bc3d0ea2a0a36c17
Ransom.Conti MVID-2022-0592 Code Execution
Posted May 9, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 52f6486bf24b541e770aac1c5ed3c3b2261c89fb9688a718a0b779cbf5c4f7d6
Page 1 of 25
Back12345Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close