Kali Linux

Shhhloader : SysWhispers Shellcode Loader

Shhhloader is a SysWhispers Shellcode Loader that is currently a Work in Progress. It takes raw shellcode as input and compiles a C++ stub that has been integrated with SysWhispers in order to bypass AV/EDR. The included python builder will work on any Linux system that has Mingw-w64 installed.

The tool has been confirmed to successfully load Meterpreter and a Cobalt Strike beacon on fully updated systems with Windows Defender enabled. The project itself is still in a PoC/WIP state, as it currently doesn’t work with all payloads.

2/9/22 EDIT: Shhhloader now includes 5 different ways to execute your shellcode! See below for updated usage. Big thanks to @Snovvcrash and their DInjector project for inspiration! I highly recommend taking a look at it for more information regarding the shellcode injection techniques and code that this tool is now based on.

┳┻|
┻┳|
┳┻|
┻┳|
┳┻| _
┻┳| •.•) – Shhhhh, AV might hear us!
┳┻|⊂ノ
┻┳|
usage: Shhhloader.py [-h] [-p explorer.exe] [-m QueueUserAPC] [-nr] [-v] [-d] [-o a.exe] file
ICYGUIDER’S CUSTOM SYSWHISPERS SHELLCODE LOADER
positional arguments:
file File containing raw shellcode
optional arguments:
-h, –help show this help message and exit
-p explorer.exe, –process explorer.exe
Process to inject into (Default: explorer.exe)
-m QueueUserAPC, –method QueueUserAPC
Method for shellcode execution (Options: ProcessHollow, QueueUserAPC,
RemoteThreadContext, RemoteThreadSuspended, CurrentThread) (Default: QueueUserAPC)
-nr, –no-randomize Disable syscall name randomization
-v, –verbose Enable debugging messages upon execution
-d, –dll-sandbox Use DLL based sandbox checks instead of the standard ones
-o a.exe, –outfile a.exe
Name of compiled file

Features

  • 5 Different Shellcode Execution Methods (ProcessHollow, QueueUserAPC, RemoteThreadContext, RemoteThreadSuspended, CurrentThread)
  • PPID Spoofing
  • Block 3rd Party DLLs
  • Syscall Name Randomization
  • XOR Encryption with Dynamic Key Generation
  • Sandbox Evasion via Loaded DLL Enumeration
  • Sandbox Evasion via Checking Processors, Memory, and Time

Tested and Confirmed Working on:

  • Windows 10 21H1 (10.0.19043)
  • Windows 10 20H2 (10.0.19042)
  • Windows Server 2019 (10.0.17763)
Download
R K

Leave a Comment
Share
Published by
R K
Tags: ShhhloaderSysWhispers
4 years ago

Recent Posts

How to Install Java on Ubuntu 24.04 Easily in 2026

Java remains one of the most widely used programming platforms for servers, enterprise applications, Android…

22 hours ago

How to Install DEB Files on Ubuntu in 2026 (Step-by-Step Beginner Guide)

Ubuntu users often download software directly from developer websites instead of using the default app…

22 hours ago

Things to Do After Installing Ubuntu 26.04 LTS for a Fast, Secure Setup

Installing Ubuntu 26.04 LTS is only the first step toward building a smooth, secure, and…

3 days ago

How to Prevent Software Supply Chain Attacks

What is a Software Supply Chain Attack? A software supply chain attack occurs when a…

1 month ago

How UDP Works and Why It Is So Fast

When people ask how UDP works, the simplest answer is this: UDP sends data quickly…

2 months ago

How EDR Killers Bypass Security Tools

Endpoint Detection and Response (EDR) solutions have become a cornerstone of modern cybersecurity, designed to…

2 months ago