The certutil command in Windows
when the certutil command is run by a ca without additional parameters, it displays the current ca configuration. when the certutil command is run on an unassigned ca, the defaultCertUtil.exe allows an attacker to download malicious code and bypass antivirus software
is legitimate software but certutil is used to install malware on the victim's computer.