Malware Adventurez

Me writing crappy malware and archiving it for future reference.

DISCLAIMER: A lot of this stuff doesnt work, is copied or badly written. This is my archive so I can refer to this when I need code snippets.

Name	Description	Language
Keylogger	Basic Keylogger	C++
ClipboardStealer	Basic Clipboard Stealer	C++
Nimject	My stupid first syscall packer	Nim
Dynamic Resolving Shellcode Runner	Shellcode Runner that resolves functions dynamically, resulting in a PE with an empty IAT	C++
Process Hollowing XOR	ProcessHollowing injector with XOR encrypted Payload	C#
Process Hollowing AES	ProcessHollowing injector with AES encrypted Payload	C++
ProcHollowDinvoke	ProcessHollowing injector using DInvoke	C#
InvokeAsAdmin	Kindly Ask for Admin Permissions before invoking Shellcode	C#
APC-Q_Unhooking	Overwrite hooked ntdll with a fresh copy to avoid EDR hooks and invoke Shellcode via APC-Queuing.	C++
Parallel Syscalls Technique	Read syscall numbers from ntdll for selected syscalls from `LdrpThunkSignature` and use these syscalls to read a fresh unhooked ntdll from disc.	C++
PPID Spoofing	Spoof Parent Process ID by using NtCreateUserProcess	C++
Reflective PE Injection	Reflective PE Injection	C++
Shellcode String Encoder	Use strings from a binary to encode shellcode in order to reduce entropy	C++
AmsiPatch	Start a powershell and patch AmsiScanBuffer	C++
ThreadContextInject	Inject shellcode using SetThreadContext	C++
MapViewInjection	Inject code in a remote process using a mapped section view	C++
Hardware Breakpoint Remote Process AMSI Bypass	Hardware Breakpoint AMSI Bypass for Remote Process. Doesnt work	C++
Reflective DLL Injection	Reimplementing Reflective DLL Injection (WIP)	C++
SyscallSorting	Syscall Sorting	C++
RdpCredThief	Hook CredUnPackAuthenticationBufferW to yoink creds from mstsc.exe (or other applications)	C++
AmsiProviderEnum	Enumerate AMSI providers and the respective DLLs	C#

eversinc33/MalwareAdventurez

Malware Adventurez