APCLdr – Payload Loader With Evasion Features

Main / APCLdr – Payload Loader With Evasion Features

Discription

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjChygDSo9QCMwRn5zrSfIuY8DIowob7yOu0eLbQupFoDRoGoEpHiXLJ0uc2nBzXMNvsBDY8pq-5Hm0MFlRBpz5NHJJE8OrPFFdATRcwEMePOR02-L7WBhxPxF9p6jxKXlBLCfv-64PcV37l7NMXjP-8XcV_zizpn8fgZvEafQB3aiUab6rM9lzzkBHPg/w640-h248/wpm_apc.gif)]()

Payload Loader With [Evasion]( “Evasion” ) Features.

### Features:

* no crt functions imported
* indirect [syscalls]( “syscalls” ) using [HellHall]( “HellHall” )
* api hashing using [CRC32]( “CRC32” ) hashing algorithm
* payload [encryption]( “encryption” ) using rc4 – payload is saved in .rsrc
* Payload [injection]( “injection” ) using APC calls – alertable thread
* Payload execution using APC – alertable thread
* Execution delation using [MsgWaitForMultipleObjects]( “MsgWaitForMultipleObjects” ) – edit [this]( “this” )
* the total size is 8kb + the payload size
* compatible with **LLVM (clang-cl)** Option

### Usage:

* Use [Builder]( “Builder” ) to update the [PayloadFile.pf]( “PayloadFile.pf” ) file, that’ll be the encrypted payload to be saved in the .rsrc section of the loader
* Compile as x64 Release

### Debugging:

* Change _Linker>SubSystem_ from **/SUBSYSTEM:WINDOWS** to **/SUBSYSTEM:CONSOLE**
* Set the loader in debug mode (uncomment [this]( “this” ))
* build as release as well

### Thanks For:

*
*

#### Tested with [cobalt strike]( “cobalt strike” ) && Havoc on windows 10

**[Download APCLdr]( “Download APCLdr” )**Read More

References

Back to Main

Subscribe for the latest news: