Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
6 Running via RunDLL32
A RunDLL32 entry point is provided by the Implant Service DLL to run the
Implant directly. When executed through RunDLL32, the Implant Service DLL is
loaded and executed within a RunDLL32 process, which will be present in the
process list.
Usage
For 32-bit target:
rundll32.exe Assassin.dll,_EntryPoint@0
For 64-bit target:
rundll32.exe Assassin.dll,EntryPoint
25
SECRET//ORCON//NOFORN