bytecode77 / r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
https://bytecode77.com/r77-rootkit
BSD 2-Clause "Simplified" License
1.59k stars, 389 forks

help first install #15

Closed MATOM0809 closed 3 years ago

MATOM0809 commented 3 years ago

Hello. To start, bravo for this beautiful work.

I wanted to test an application with $77; it disappeared from Task Manager and Process Explorer, but it was impossible to recover it. After restarting, I found the application again.
How do I recover it without restarting?
I did the same for a file, but it was impossible to recover even after restarting.

On the other hand, I have not seen anywhere how to install your project $77.
So I created a folder at the root of C: called Hidden_config, and I tested with TestConsole to hide a program, and it works. It hides from Task Manager and Process Explorer. On the other hand, it does not create $77config in regedit. Thanks for the help. I have W10 x 6 bits.

bytecode77 commented 3 years ago

When you run Install.exe, r77 is installed and persisted. The next time you reboot your computer, it's still running. That's why you don't see the hidden file.

When you run Uninstall.exe, r77 is gracefully detached from all running processes, and everything including the $77config is deleted.

The $77config key is only created when you install r77, not when you inject single processes in the Test Console. Also keep in mind that in order to edit this key, you may need to detach r77 from RegEdit.exe.

If you'd like to read more about the exact functionality and how exactly to configure r77, I suggest taking a look at the documentation. It goes into detail about how to use r77 and also into deep technical detail in the later chapters.

MATOM0809 commented 3 years ago

Thanks for the response, but yes, before writing to you I looked at the documentation, but as I am a complete beginner I do not understand much, sorry. You have not answered me about the installation of your work. Do I have to go through Visual Studio 2019 to clone the project, or not at all? Should I create a folder at the root plus another folder in C:\...\system32 etc.? hiddenfile.txt and hiddenapp.exe, or is it Visual Studio 2019 that creates all the folders, perhaps?

uncidal commented 3 years ago

I am not the developer of this code, but can you try to tell us what you are trying to achieve?

If I understand you correctly: if you are not going to change anything in the code, you don't need Visual Studio; you can download it from his website (https://bytecode77.com/r77-rootkit), password: bytecode77. And when you execute Install.exe, basically everything on your computer that starts with $77 will be hidden. But you can use TestConsole to detach r77 from a specific application, so it will be visible to that application (like regedit or File Explorer). So if you want to hide a folder or an application, the name has to start with $77.
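The behaviour described in the comments so far (after Install.exe, anything whose name starts with $77 is hidden from listings in every hooked process, and a $77config registry key is created) can be checked from a normal PowerShell prompt with a canary. The script below is an added example, not code from r77 or from anyone in this thread. It assumes Windows PowerShell 5 or later, that direct opens by full path are not filtered (only enumeration is), and that the $77config key lives under HKLM\SOFTWARE as the r77 documentation describes; if r77 is not installed, both checks simply report "not hidden" and "key absent".

```powershell
# Added example (not part of r77 or this issue). Canary check for $77-prefix hiding.
# Note the single quotes: inside double quotes, PowerShell would expand "$77" as a variable.
$Prefix    = '$77'
$CanaryDir = Join-Path $env:TEMP ('{0}canary_{1}' -f $Prefix, [guid]::NewGuid().ToString('N'))

function Test-PrefixHiding {
    param([string]$Dir)

    # Create the canary directory and a file inside it. The write itself succeeds
    # whether or not a listing hook is active.
    New-Item -ItemType Directory -Path $Dir -Force | Out-Null
    $file = Join-Path $Dir 'canary.txt'
    Set-Content -LiteralPath $file -Value 'r77 prefix canary'

    # Vantage 1: enumerate the parent directory, the way Explorer or dir would.
    # A hooked process filters out names that start with the prefix.
    $leaf   = Split-Path -Path $Dir -Leaf
    $listed = Get-ChildItem -LiteralPath $env:TEMP -Force -Directory |
              Where-Object { $_.Name -eq $leaf }

    # Vantage 2: open the path directly. Assumption: enumeration is filtered,
    # direct access by full path is not, so the file is still reachable.
    $direct = Test-Path -LiteralPath $file

    [pscustomobject]@{
        Canary         = $Dir
        ListedInParent = [bool]$listed
        DirectOpen     = $direct
        HiddenByPrefix = ($direct -and -not $listed)   # true only when a listing hook is active
    }
}

function Test-R77ConfigKey {
    # Assumed location of the key the thread calls "$77config" (from the r77 docs).
    # Test-Path opens the key by name, so it is checked independently of key enumeration.
    $key = 'HKLM:\SOFTWARE\$77config'
    [pscustomobject]@{
        Key    = $key
        Exists = Test-Path -LiteralPath $key
    }
}

try {
    Test-PrefixHiding -Dir $CanaryDir | Format-List
    Test-R77ConfigKey | Format-List
} finally {
    # Clean up by full path; the directory itself is never listed while the hook is active.
    Remove-Item -LiteralPath $CanaryDir -Recurse -Force -ErrorAction SilentlyContinue
}
```

If HiddenByPrefix comes back true, the PowerShell process you ran this from is hooked; running the same script from a process that TestConsole has detached (as uncidal describes for regedit or File Explorer) should then list the canary normally, which is a quick way to confirm that detaching worked.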

bytecode77 commented 3 years ago

Like @uncidal said, you don't have to compile r77 yourself.

Just make sure to read Section 5 - Integration best practices. Because despite the fact that Install.exe is really the only file you need, you still need to take some precautions when deploying it.

For example:

  • Don't drop Install.exe to disk. This advice is not r77-specific, but it's generally bad to drop malicious files to the disk as they will get detected. It took a lot of work to make r77 fileless, but executing the Installer using RunPE is your part.
  • Use DLL unhooking in your process that RunPE's the installer

Of course, r77 will run fine if you just copy Install.exe to the disk and execute it. However, it may get deleted by AV.

MATOM0809 commented 3 years ago

OK, thanks for the help ;)

No, I didn't download or change the code.
I understood that renaming a file with $77, e.g. $77tolls.exe, would hide it when running the exe.
Personally I tested with TestConsole and it worked.
A question for TestConsole: I have to do Inject + Hide, correct?

MATOM0809 commented 3 years ago

Like @uncidal said, you don't have to compile r77 yourself.

Just make sure to read Section 5 - Integration best practices. Because despite the fact that Install.exe is really the only file you need, you still need to take some precautions when deploying it.

For example:

  • Don't drop Install.exe to disk. This advice is not r77-specific, but it's generally bad to drop malicious files to the disk as they will get detected. It took a lot of work to make r77 fileless, but executing the Installer using RunPE is your part.
  • Use DLL unhooking in your process that RunPE's the installer

Of course, r77 will run fine if you just copy Install.exe to the disk and execute it. However, it may get deleted by AV.

OK, so I don't place it on C:, but where? I'm on a VirtualBox VM. You said:
"It took a lot of work to make r77 fileless, but running the installer using RunPE is your part." Install.exe, RunPE? What is it?

"Use DLL unhooking in your process that RunPE's the installer": I'll look into this program. With DLL unhooking, what do I do?
Thank you

uncidal commented 3 years ago

It's a little hard to understand what you mean. Can you try to tell us what you want to achieve? What is your end goal?

bytecode77 commented 3 years ago

@MATOM0809 If you are a beginner, then you may be unaware of the techniques that are used, and what techniques you should / shouldn't use in your project.

To put it simply: just run Install.exe once, and you're set.

MATOM0809 commented 3 years ago

It's a little hard to understand what you mean. Can you try to tell us what you want to achieve? What is your end goal?

Yes, I know; with Google Translate the translation is not always the right one. I just want to hide a program that uses a bot.

MATOM0809 commented 3 years ago

@MATOM0809 If you are a beginner, then you may be unaware of the techniques that are used, and what techniques you should / shouldn't use in your project.

To put it simply: just run Install.exe once, and you're set.

OK, thanks, I tested it.