---
Name: Pcwutl.dll
Description: Microsoft HTML Viewer
Author:
Created: '2018-05-25'
Commands:
  - Command: rundll32.exe pcwutl.dll,LaunchApplication calc.exe
    Description: Launch executable by calling the LaunchApplication function.
    UseCase: Launch an executable.
    Category: Execute
    Privileges: User
    MitreID: T1085
    MItreLink: https://attack.mitre.org/wiki/Technique/T1085
    OperatingSystem: Windows
Full_Path:
  - Path: c:\windows\system32\pcwutl.dll
  - Path: c:\windows\syswow64\pcwutl.dll
Code_Sample:
  - Code:
Detection:
  - IOC:
Resources:
  - Link: https://twitter.com/harr0ey/status/989617817849876488
  - Link: https://windows10dll.nirsoft.net/pcwutl_dll.html
Acknowledgement:
  - Person: Matt harr0ey
    Handle: '@harr0ey'
---