APCLdr : Payload Loader With Evasion Features

APCLdr is a Payload Loader With Evasion Features.

Features:

• no crt functions imported
• indirect syscalls using HellHall
• api hashing using CRC32 hashing algorithm
• payload encryption using rc4 – payload is saved in .rsrc
• Payload injection using APC calls – alertable thread
• Payload execution using APC – alertable thread
• Execution delation using MsgWaitForMultipleObjects – edit this
• the total size is 8kb + the payload size
• compatible with LLVM (clang-cl) Option

Usage:

• Use Builder to update the PayloadFile.pf file, that’ll be the encrypted payload to be saved in the .rsrc section of the loader
• Compile as x64 Release

Debugging:

• Change Linker>SubSystem from /SUBSYSTEM:WINDOWS to /SUBSYSTEM:CONSOLE
• Set the loader in debug mode (uncomment this)
• build as release as well

Thanks For:

• https://www.x86matthew.com/view_post?id=writeprocessmemory_apc
• https://github.com/vxunderground/VX-API

Tested with cobalt strike && Havoc on windows 10

Please consider following and supporting us to stay updated with the latest information.