1 | | - | # APCLdr |
2 | | - | Payload Loader For Evasion |
| 1 | + | |
| 2 | + | <h2 align="center"> |
| 3 | + | APCLdr: Payload Loader With Evasion Features |
| 4 | + | </h2> |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | ### Features: |
| 9 | + | - no crt functions imported |
| 10 | + | - indirect syscalls using [HellHall](https://github.com/Maldev-Academy/HellHall) |
| 11 | + | - api hashing using [CRC32](https://github.com/NUL0x4C/APCLdr/blob/main/APCLdr/Win32.c#L111) hashing algorithm |
| 12 | + | - payload encryption using rc4 - payload is saved in .rsrc |
| 13 | + | - Payload injection using APC calls - alertable thread |
| 14 | + | - Payload execution using APC - alertable thread |
| 15 | + | - Execution delation using [MsgWaitForMultipleObjects](https://github.com/NUL0x4C/APCLdr/blob/main/APCLdr/APCLdr.c#L66) - edit [this](https://github.com/NUL0x4C/APCLdr/blob/main/APCLdr/Common.h#L6) |
| 16 | + | |
| 17 | + | <br> |
| 18 | + | |
| 19 | + | ### Usage: |
| 20 | + | Use [Builder](https://github.com/NUL0x4C/APCLdr/tree/main/Builder) to update the [PayloadFile.pf](https://github.com/NUL0x4C/APCLdr/blob/main/APCLdr/PayloadFile.pf) file, that'll be the encrypted payload to be saved in the .rsrc section of the loader |
| 21 | + | |
| 22 | + | |
| 23 | + | <br> |
| 24 | + | |
| 25 | + | ### Thanks For: |
| 26 | + | - https://www.x86matthew.com/view_post?id=writeprocessmemory_apc |
| 27 | + | - https://github.com/vxunderground/VX-API |
| 28 | + | |
| 29 | + | <br> |
| 30 | + | |
| 31 | + | |
| 32 | + | <h4 align="center"> |
| 33 | + | Tested with cobalt strike && Havoc on windows 10 |
| 34 | + | </h4> |
| 35 | + | |
| 36 | + | |
3 | 37 | | |