Windows Screensaver

Windows allows users to specify any executable to be used as a screen saver. When used as a persistence mechanism, a malicious screensaver binary is listed in the registry, and executed every time inactivity timer runs out.

Registry:
HKCU:\Control Panel\Desktop\SCRNSAVE.EXE
HKCU:\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE

Test: rundll32.exe desk.cpl,InstallScreenSaver executable.exe

Reference:
https://msdn.microsoft.com/en-us/library/dd405477(v=vs.85).aspx
http://www.securityfocus.com/archive/1/434926/30/0/threaded