APCLdr: Payload Loader With Evasion Features

by do son ·

Payload Loader

APCLdr: Payload Loader With Evasion Features

Features:

  • no crt functions imported
  • indirect syscalls using HellHall
  • api hashing using the CRC32 hashing algorithm
  • payload encryption using rc4 – payload is saved in .rsrc
  • Payload injection using APC calls – alertable thread
  • Payload execution using APC – alertable thread
  • Execution delation using MsgWaitForMultipleObjects – edit this
  • the total size is 8kb + the payload size
  • compatible with LLVM (clang-cl) Option

Usage:

  • Use Builder to update the PayloadFile.pf file, that’ll be the encrypted payload to be saved in the .rsrc section of the loader
  • Compile as x64 Release

Debugging:

  • Change Linker>SubSystem from /SUBSYSTEM:WINDOWS to /SUBSYSTEM:CONSOLE
  • Set the loader in debug mode (uncomment this)
  • build as release as well

Download

Copyright (c) 2023 NULL

Tags: Payload Loader