Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
5 Running via RunDLL32
A RunDLL32 entry point is provided by the Implant DLL to run the Implant
directly. When executed through RunDLL32, the Implant DLL is loaded and
executed within a RunDLL32 process, which will be present in the process list.
Usage
For 32-bit target:
rundll32.exe Assassin.dll,_EntryPoint@0
For 64-bit target:
rundll32.exe Assassin.dll,EntryPoint
19
SECRET//ORCON//NOFORN