create File Compression Interface context on Windows

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: create File Compression Interface context on Windows
    authors:
      - michael.hunhoff@mandiant.com
    lib: true
    scopes:
      static: function
      dynamic: call
    references:
      - https://docs.microsoft.com/en-us/windows/win32/msi/cabinet-files
    examples:
      - 44bad2e2a9e387b86870f009d01833ea4618d2a7cda5f64fa84a19f3bdf4efaf:0x1400028E0
  features:
    - or:
      - api: cabinet.FCICreate

last edited: 2023-11-29 15:22:52