Firstly, a folder is created in the temp directory, and the properties of the folder are opened using SHObjectProperties.
To retrieve the handle of the window independently of the system language, EnumWindows is used with a callback function that checks for the distinct folder name in every open window.
Through the properties page, the change icon dialog is invoked, whose handle is also retrieved with EnumWindows.
Lastly, the icon path is changed to a DLL (which has a .ico extension in this case), which causes the explorer to load the DLL after the OK button is pressed.
The “icon” is actually a simple DLL file with an .ico extension that opens the calculator app with an icon resource that was added using the Resource Hacker.
There are some anomalies when it comes to the appearance of the icon in the folder view.
I have tested this on two different Windows 10 versions (the newest and an older one) and on Windows 11.
On both of the Widnows 10 versions, the icon stored inside the DLL was not displayed when the extension was changed to .ico
On the newest Windows 10 version, however, it did work until I tried to open the “icon” inside of the photo app. Since then, I have not been able to recreate it.
For more information click here.
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…