LoFP / viberpc updater calls this binary with the following commandline \"ie4uinit.exe -cleariconcache\"

Techniques

• t1218

Sample rules

Ie4uinit Lolbin Use From Invalid Path

• source: sigma
• technicques:
  • t1218

Description

Detect use of ie4uinit.exe to execute commands from a specially prepared ie4uinit.inf file from a directory other than the usual directories

Detection logic

condition: lolbin and not 1 of filter_*
filter_correct:
  CurrentDirectory:
  - c:\windows\system32\
  - c:\windows\sysWOW64\
filter_missing:
  CurrentDirectory: null
lolbin:
- Image|endswith: \ie4uinit.exe
- OriginalFileName: IE4UINIT.EXE