Recently, hFireF0X posted a detailed walkthrough of the Win32/Poweliks malware on the reverse engineering forum kernelmode.info. What distinguishes this malware is that it resides in the Windows registry and uses rundll32.exe to execute JavaScript code.
I found it funny that we can execute some JavaScript through Rundll32 and obviously I was not the only one.
More here: http://thisissecurity.net/2014/08/20/poweliks-command-line-confusion/