exploit the possibilities
Showing 26 - 50 of 610 RSS Feed

Files from malvuln

Email addressprivate
Websitemalvuln.com
First Active2021-01-04
Last Active2022-05-17
View User Profile
REvil.Ransom MVID-2022-0583 Code Execution
Posted May 6, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products, the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill as the DLL just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 111b653e7522b76e8edf9e7a923244651c58b4723ffc3384a3138c38c6ef1977
Ransom.WannaCry MVID-2022-0582 Code Execution
Posted May 4, 2022
Authored by malvuln | Site malvuln.com

WannaCry ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL to execute our own code in order to control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products, the malware vulnerability does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 75c864ef881d1530855d950ce35620da320dafb0cebe2d176ad34757f23f3194
REvil.Ransom MVID-2022-0581 Code Execution
Posted May 4, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code in order to control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signature or third-party products as the malware vulnerability will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 07f3d9e3cb24992e24316fe7f8e41fc64fee499196a59b0f4d1594fec2186777
Ransom.Conti MVID-2022-0580 Code Execution
Posted May 4, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code to control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32". If not, we grab our process ID and terminate. We do not need to rely on hash signature or third-party products, the malware vulnerability will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 9cc7ba098e7d73f1ba5a406536afb6daff209000bfc578d3f4921cd931a7e23f
Conti.Ransom MVID-2022-0579 Code Execution
Posted May 4, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and loads a DLL named "wow64log.dll" in Windows\System32. Therefore, we can drop our own DLL to intercept and terminate the malware pre-encryption. The exploit DLL will simply display a Win32API message box and call exit(). Our Conti.Ransom exploit DLL must export the "InterlockedExchange" function or it fails with an error. We do not need to rely on hash signature or third-party products, the malware vulnerability will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | aa9ce885d596135e2fe0d53ecbaf0150134e9b1069abbd9201051712bdcaffad
RedLine.Stealer MVID-2022-0578 Code Execution
Posted May 3, 2022
Authored by malvuln | Site malvuln.com

RedLine looks for and loads a DLL named "wow64log.dll" in Windows\System32. Therefore, we can drop our own DLL to intercept and terminate the malware. The exploit DLL will simply display a Win32API message box and call exit(). Our RedLine exploit DLL must export the "InterlockedExchange" function or it fails with an error. We do not need to rely on a hash signature or third-party product, the malware vulnerability will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | ba283ac98afc491c29dfdfeab95f8ae1dc56fd58e9ff0dffa31fbe553d191fb0
REvil MVID-2022-0577 Ransom Code Execution
Posted May 3, 2022
Authored by malvuln | Site malvuln.com

REvil looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a vulnerable DLL to execute our own code, control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on a hash signature or third-party product, the malware's own vulnerability will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 268cdb6f1c42815be3079d4e45fd4bf006bd0c4df1203a033c3ddc55bcdb5be7
Conti MVID-2022-0576 Ransom Code Execution
Posted May 3, 2022
Authored by malvuln | Site malvuln.com

Conti looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a vulnerable DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on a hash signature or third-party product, the malware's own vulnerability will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 8f3cec758aaf64bc9499249d6dededfe501e82460f8aa3041d9e092580c4e0f9
LokiLocker MVID-2022-0575 Ransom Code Execution
Posted May 3, 2022
Authored by malvuln | Site malvuln.com

LokiLocker looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a vulnerable DLL to execute our own code, control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on a hash signature or third-party product as the malware will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | cf6779cc7e8fc059a533a276d417fb4939fa7a55fba0ba4f6accd93a624ae862
BlackBasta MVID-2022-0574 Ransom Code Execution
Posted May 3, 2022
Authored by malvuln | Site malvuln.com

BlackBasta looks for and loads a DLL named wow64log.dll in Windows\System32. Therefore, we can drop our own DLL to intercept and terminate the malware pre-encryption. The exploit DLL will simply display a Win32API message box and call exit(). Our BlackBasta exploit DLL must export the InterlockedExchange function or it fails with error. We do not need to rely on a hash signature or third-party product, the malware will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | e1c4bddb5154781ba56ed838fb4186594dda0485db70b5497982ad2473999d9a
Ransom.AvosLocker MVID-2022-0573 Code Execution
Posted May 3, 2022
Authored by malvuln | Site malvuln.com

Ransom.AvosLocker ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a vulnerable DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on a hash signature or third-party product, the malware will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | d0857628bf3ad43e446a4d3786f1d51b4eb563b6e22153fe746ce5261e315ec4
Ransom.LockBit MVID-2022-0572 Code Execution
Posted May 2, 2022
Authored by malvuln | Site malvuln.com

LockBit ransomware looks for and executes DLLs in its current directory. This can potentially allow us to execute our own code, control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
SHA-256 | 2309d126cc5ad752cce17568336336941a74bd3cad316628d72b23e6103bbdc2
Backdoor.Win32.Agent.aegg MVID-2022-0571 Hardcoded Credential
Posted Apr 27, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Agent.aegg malware suffers from a hardcoded credential vulnerability.

tags | exploit
systems | windows
SHA-256 | 53f75d30a3e68a34d3ff3b8c12346375b8a937d60fb31ffaddd254aa7ebb9972
Trojan-Downloader.Win32.Agent MVID-2022-0570 Insecure Permissions
Posted Apr 27, 2022
Authored by malvuln | Site malvuln.com

Trojan-Downloader.Win32.Agent malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | ae8f3ba20d2bc86c8d5582c66c01389075677ff6a3c6b3d0b14a4c7de160bb24
Backdoor.Win32.GF.j MVID-2022-0566 Remote Command Execution
Posted Apr 27, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.GF.j malware suffers from a remote command execution vulnerability.

tags | exploit, remote
systems | windows
SHA-256 | b1a0b3788ebf3189fc9856839cbb6a4e7b4cb2713556227380bc4d05ab71f4a0
Backdoor.Win32.Cafeini.b MVID-2022-0569 Man-In-The-Middle
Posted Apr 27, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Cafeini.b malware suffers from a man-in-the-middle vulnerability.

tags | exploit
systems | windows
SHA-256 | 6ea04b9be8a714b935c785d50f095eed0d536a8bdcc3b0eaaa74d588e9b19a41
Backdoor.Win32.Cafeini.b MVID-2022-0568 Hardcoded Credential
Posted Apr 27, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Cafeini.b malware suffers from a hardcoded credential vulnerability.

tags | exploit
systems | windows
SHA-256 | 74d97c59d1843d49d5346c7ce7c52a1e4b3dccd23ebe9e70b420b7da4561bcd4
Trojan-Downloader.Win32.Small.ahlq MVID-2022-0567 Insecure Permissions
Posted Apr 27, 2022
Authored by malvuln | Site malvuln.com

Trojan-Downloader.Win32.Small.ahlq malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | 350196a679952271a1b8644768524b4bf527b9e4f5ddeda4fe2c4c1f9b2934c4
Virus.Win32.Qvod.b MVID-2022-0565 Insecure Permissions
Posted Apr 27, 2022
Authored by malvuln | Site malvuln.com

Virus.Win32.Qvod.b malware suffers from an insecure permissions vulnerability.

tags | exploit, virus
systems | windows
SHA-256 | 87a174dfb171a84fb3fe42f523517a6a91517598c8c5fc4a5f22464dda1e6371
Email-Worm.Win32.Sidex MVID-2022-0564 Remote Command Execution
Posted Apr 27, 2022
Authored by malvuln | Site malvuln.com

Email-Worm.Win32.Sidex malware suffers from a remote command execution vulnerability.

tags | exploit, worm, remote
systems | windows
SHA-256 | b3722025a9f25e3a5ec409d1add355bb760e54b81c881cd09f85f9f93a8ca0e6
Net-Worm.Win32.Kibuv.c MVID-2022-0563 Authentication Bypass
Posted Apr 27, 2022
Authored by malvuln | Site malvuln.com

Net-Worm.Win32.Kibuv.c malware suffers from an authentication bypass vulnerability.

tags | exploit, worm, bypass
systems | windows
SHA-256 | 19abd12c98e17d2a4909a274c49ee28ec3e233210634f6b76fb31712690429d8
Backdoor.Win32.Jokerdoor MVID-2022-0562 Buffer Overflow
Posted Apr 27, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Jokerdoor malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
SHA-256 | 949be84608d28e27970c8245bf2a554a1d7bacb3e2ebe644ebb97328491fc4b5
Trojan-Banker.Win32.Banker.heq MVID-2022-0561 Insecure Permissions
Posted Apr 27, 2022
Authored by malvuln | Site malvuln.com

Trojan-Banker.Win32.Banker.heq malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | ef387db61428ff8d6e4c95704ea36c710cb194d1daa0bc32afd3292ca620a65e
Backdoor.Win32.GateHell.21 MVID-2022-0559 Authentication Bypass
Posted Apr 19, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.GateHell.21 malware suffers from an authentication bypass vulnerability.

tags | exploit, bypass
systems | windows
SHA-256 | 3190bfb5d5a0c4124a88bc50873589e7242c550aaf54cc63e175b599737268ef
Backdoor.Win32.Delf.zn MVID-2022-0556 Insecure Credential Storage
Posted Apr 19, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Delf.zn malware suffers from an insecure credential storage vulnerability.

tags | exploit
systems | windows
SHA-256 | 7e8128a40977898958af81861cbe4f43dc3648a1dd0f157508fad6059ee5906f
Page 2 of 25
Back12345Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close