APCLdr is one of the most sought-after tools for cybersecurity specialists since it is a cutting-edge payload loader with evasion features. APCLdr’s sophisticated features allow it to encrypt payloads using RC4, which gives the data being transferred an additional layer of protection. As a result, it is challenging for attackers to intercept and decode the data.
Payload injection utilizing APC calls is a feature that APCLdr supports in addition to encryption. With the help of this functionality, users can easily inject their payloads into active processes without raising any anti-virus software alarms or notifications. It is a strong tool that may assist you in staying ahead of any dangers and guaranteeing that your systems are completely secure at all times.
Overall, APCLdr is an excellent choice for anyone looking for a reliable and effective way to load payloads onto their systems while maintaining maximum security.
Features:
- no crt functions imported
- indirect syscalls using HellHall
- api hashing using CRC32 hashing algorithm
- payload encryption using rc4 – payload is saved in .rsrc
- Payload injection using APC calls – alertable thread
- Payload execution using APC – alertable thread
- Execution delation using MsgWaitForMultipleObjects – edit this
- the total size is 8kb + the payload size
- compatible with LLVM (clang-cl) Option
Usage:
- Use Builder to update the PayloadFile.pf file, that’ll be the encrypted payload to be saved in the .rsrc section of the loader
- Compile as x64 Release
Debugging:
- Change Linker>SubSystem from /SUBSYSTEM:WINDOWS to /SUBSYSTEM:CONSOLE
- Set the loader in debug mode (uncomment this)
- build as release as well
Thanks For:
- https://www.x86matthew.com/view_post?id=writeprocessmemory_apc
- https://github.com/vxunderground/VX-API
For more C Language scripts click HERE
