Bleeping Computer

Regsvr32 can be used to install Ransomware through Jscript Installers

A security researcher named Casey Smith published an article last week where he detailed how the Windows Regsvr32.exe command could be used to bypass AppLocker restrictions. In this article he ...
Threat Post

Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware

The living-off-the-land binary (LOLBin) is anchoring a rash of cyberattacks bent on evading security detection to drop Qbot and Lokibot. A Windows living-off-the-land binary (LOLBin) known as Regsvr32 ...
TWCN Tech News

RegSvr32, The module failed to load error on Windows 11/10

The module <NameOfSystemFile> failed to load. Make sure the binary is sorted at the specified path or debug it to check for problems with the binary or dependent .DLL ...
Bleeping Computer

Qbot, Lokibot malware switch back to Windows Regsvr32 delivery

Malware distributors have turned to an older trick known as Squiblydoo to spread Qbot and Lokibot via Microsoft Office document using regsvr32.exe. A report from the threat research team at security ...
CSOonline

Researcher uses Regsvr32 function to bypass AppLocker

A researcher in Colorado has discovered a feature in Regsvr32 that allows an attacker to bypass application whitelisting protections, such as those afforded by Microsoft’s AppLocker. If the technique ...
Ars Technica

reversing a regsvr32 initialization

If I use the regsvr32 command to initialize (register?) a .dll or .ocx file, is there an actual procedure to reverse this or do I simply delete the file? TIA.