Windows Setup Application Programming Interface

Paths:

c:\windows\system32\setupapi.dll
c:\windows\syswow64\setupapi.dll

Detection:

AWL bypass

Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (section name specified).

rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Tools\shady.inf

Execute

Launch an executable file via the InstallHinfSection function and .inf file section directive.

rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\\Tools\\calc_exe.inf