what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Ransom.REvil MVID-2022-0596 Code Execution
Posted May 12, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 0cfd4ed7809eaa6bf784adff2f043dc32b8327dd12669f01b586f7bbc080223c

Related Files

Ransom.REvil MVID-2022-0600 Code Execution
Posted May 12, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 523695a11b3ac263c4750ad26a0863bafd1277bc8d7ee5e5f09039a4c903c94c
Ransom.REvil MVID-2022-0599 Code Execution
Posted May 12, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | c812238e5aec810b86cabbd3dbd8ea70c29dd0b071934148238665f8001da715
Ransom.REvil MVID-2022-0598 Code Execution
Posted May 12, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | aa6d045f0425bce26082463e9007553e34835ed1462eb3775f23793b2efde0b9
Ransom.REvil MVID-2022-0597 Code Execution
Posted May 12, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | e50e0f8dd0340a49a1f263f8304a8f67e25520134dc09f97a203083bb23437ee
Ransom.REvil MVID-2022-0595 Code Execution
Posted May 12, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 4c448e0e5a0914fcc57d5d435b52042feff16ca95bf5c04fea342caeb1515eac
REvil.Ransom MVID-2022-0583 Code Execution
Posted May 6, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products, the malware's flaw does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill as the DLL just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 111b653e7522b76e8edf9e7a923244651c58b4723ffc3384a3138c38c6ef1977
REvil.Ransom MVID-2022-0581 Code Execution
Posted May 4, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code in order to control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signature or third-party products as the malware vulnerability will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 07f3d9e3cb24992e24316fe7f8e41fc64fee499196a59b0f4d1594fec2186777
Backdoor.Win32.Agent.aak MVID-2021-0094 Hardcoded Credentials
Posted Feb 18, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Agent.aak malware suffers from a hardcoded credential vulnerability.

tags | exploit
systems | windows
SHA-256 | d384b41292fe358452a4a3a80b168dead2cf891a7677d24a3838cd59e7e78221
Backdoor.Win32.Burbul.b MVID-2021-0093 Anonymous Login
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Burbul.b malware has an ftp service that allows for anonymous login.

tags | exploit
systems | windows
SHA-256 | eacd817de5297bfb135a0355f799bafec34151bbf8e3f6ea6560cc32d694a5b8
Backdoor.Win32.Indexer.a MVID-2021-0092 Denial Of Service
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Indexer.a malware suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | windows
SHA-256 | d48a8459e1ba4c181989347d8c267adcf50e5532c2ce2473ef00b11baab6e68f
Backdoor.Win32.Indexer.a MVID-2021-0091 Hardcoded Credentials
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Indexer.a malware has a backdoor with weak hardcoded credentials.

tags | exploit
systems | windows
SHA-256 | 75d07c22ee885ccdb973aa8ca9f378855c5b303ddbc339cb577013a21100e03a
Backdoor.Win32.Bifrose.ahvb MVID-2021-0090 Insecure Permissions
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Bifrose.ahvb malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
SHA-256 | bb9f15193f65ac95f44d88b0e2811648f4d5f5e78134baf5e273c723603eb732
Backdoor.Win32.Azbreg.aant MVID-2021-0089 Insecure Permissions
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Azbreg.aant malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
SHA-256 | 3f3b586377091c5728cc4ed6050e6e4d141deb1e6711e3fc59e9739723b01122
Trojan-Spy.Win32.WinSpy.wlt MVID-2021-0087 Insecure Permissions
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Trojan-Spy.Win32.WinSpy.wlt malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | ee41322d396b9353808b98f8ec6e507cafd8ed0f4d9af3255a6d5ef01f3a21ac
Backdoor.Win32.Cabrotor.21 MVID-2021-0088 Insecure Permissions
Posted Feb 16, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Cabrotor.21 malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
SHA-256 | c2d956f1d6f57c163208002771f8edd75cfc357f0d3a375becbe49cd2f96dd97
Backdoor.Win32.Cafeini.08.b MVID-2021-0086 Missing Authentication
Posted Feb 15, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Cafeini.08.b malware suffers from a missing authentication vulnerability.

tags | exploit
systems | windows
SHA-256 | 42b334aea82507140ecc84d70e3e827069455b64df4111d0bb8d29ceb5e02d14
Backdoor.Win32.Backlash.101 MVID-2021-0085 Missing Authentication
Posted Feb 13, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Backlash.101 malware suffers from a missing authentication vulnerability.

tags | exploit
systems | windows
SHA-256 | 63843432e1b6f0a7fb44c3fb0f691735a6fa62d448888ba7c921659dbfa6b183
Backdoor.Win32.BackAttack.18 MVID-2021-0084 Missing Authentication
Posted Feb 11, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.BackAttack.18 malware suffers from a missing authentication vulnerability that can allow for remote screenshots, system restart, and more.

tags | exploit, remote
systems | windows
SHA-256 | f1d1181c7b20a45dade4acd19939dbe503d5a1101652d99916a11ccf32e27c23
Backdoor.Win32.Augudor.a MVID-2021-0083 Code Execution
Posted Feb 11, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Augudor.a malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
SHA-256 | 9ea94d39200a50f8a70a8edc2d711b64cd27c932ffce9d43b1f8d33b414ae1d7
Backdoor.Win32.Aphexdoor.LiteSock MVID-2021-0082 Buffer Overflow
Posted Feb 10, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Aphexdoor.LiteSock malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
SHA-256 | 8b6ccade23d3ec6d18ecf166c4a5516158a541bd323da2a669ba9d7a232ab203
Backdoor.Win32.NetTerrorist MVID-2021-0081 Authentication Bypass / Code Execution
Posted Feb 9, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.NetTerrorist malware suffers from bypass and code execution vulnerabilities.

tags | exploit, vulnerability, code execution
systems | windows
SHA-256 | a84e847103256104dc3efdecf379b465270c3106e0b1b1c48f64df43bc8e92b7
Trojan.Win32.Cafelom.bu MVID-2021-0080 Heap Corruption
Posted Feb 9, 2021
Authored by malvuln | Site malvuln.com

Trojan.Win32.Cafelom.bu malware suffers from a heap corruption vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | c495636b818cd7c3b7660d9376094f54b60fc76dab0d98070462b30ed384dc61
Backdoor.Win32.Wollf.15 MVID-2021-0079 Missing Authentication
Posted Feb 8, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Wollf.15 malware suffers from a missing authentication vulnerability.

tags | exploit
systems | windows
SHA-256 | c41d4e61e238652534263ff190da9b31485a2ea670fba91accb2732c0271f2be
Trojan-Spy.Win32.WinSpy.vwl MVID-2021-0078 Insecure Permissions
Posted Feb 8, 2021
Authored by malvuln | Site malvuln.com

Trojan-Spy.Win32.WinSpy.vwl malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | 026c6b0c349e86e43c5a43835c5941f5db65347448416bb24177660d2b517527
Trojan-Spy.Win32.WebCenter.a MVID-2021-0077 Information Disclosure
Posted Feb 8, 2021
Authored by malvuln | Site malvuln.com

Trojan-Spy.Win32.WebCenter.a malware suffers from an information leakage vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | bbe687c0905aad324c811b55eb6f7b45bbca79de22771d469b8334329c6242a8
Page 1 of 4
Back1234Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close