Wizard-Loader

• Xwizard.exe is a commonly used diagnostic tool for Windows setup and installation, and like other executables, it loads dynamic link libraries (DLLs) to perform various tasks. However, The PoC patch the Xwizard.exe binary on order to make LoadLibrary API load malicious DLL instead of the intended one.

  

Detection

• Wizard-Loader

  

• Loader

  

DEMO

https://user-images.githubusercontent.com/60795188/219962573-83a1601b-3a14-40d1-befd-12154e1b2943.mp4