Payload Loader With Evasion Features.
Features:
- no crt functions imported
- indirect syscalls using HellHall
- api hashing using CRC32 hashing algorithm
- payload encryption using rc4 - payload is saved in .rsrc
- Payload injection using APC calls - alertable thread
- Payload execution using APC - alertable thread
- Execution delation using MsgWaitForMultipleObjects - edit this
- the total size is 8kb + the payload size
- compatible with LLVM (clang-cl) Option
Usage:
- Use Builder to update the PayloadFile.pf file, that'll be the encrypted payload to be saved in the .rsrc section of the loader
- Compile as x64 Release
Debugging:
- Change Linker>SubSystem from /SUBSYSTEM:WINDOWS to /SUBSYSTEM:CONSOLE
- Set the loader in debug mode (uncomment this)
- build as release as well
Thanks For:
- https://www.x86matthew.com/view_post?id=writeprocessmemory_apc
- https://github.com/vxunderground/VX-API