APCLdr: Payload Loader With Evasion Features

APCLdr: Payload Loader With Evasion Features

Features:

• no crt functions imported
• indirect syscalls using HellHall
• api hashing using the CRC32 hashing algorithm
• payload encryption using rc4 – payload is saved in .rsrc
• Payload injection using APC calls – alertable thread
• Payload execution using APC – alertable thread
• Execution delation using MsgWaitForMultipleObjects – edit this
• the total size is 8kb + the payload size
• compatible with LLVM (clang-cl) Option

Usage:

• Use Builder to update the PayloadFile.pf file, that’ll be the encrypted payload to be saved in the .rsrc section of the loader
• Compile as x64 Release

Debugging:

• Change Linker>SubSystem from /SUBSYSTEM:WINDOWS to /SUBSYSTEM:CONSOLE
• Set the loader in debug mode (uncomment this)
• build as release as well

Download

Copyright (c) 2023 NULL