bytecode77 / r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
https://bytecode77.com/r77-rootkit
BSD 2-Clause "Simplified" License
1.59k stars 389 forks

Attacking all files into one #3

Closed Dontmindmes closed 5 years ago

Dontmindmes commented 5 years ago

How can I combine the process to hide, the hider, and the DLL into one file?

bytecode77 commented 5 years ago

The "process to hide" should refer to your main application, i.e. the installed malware ehem.. software.

Your software's job is similar to the provided example executable: Drop the r77 DLL somewhere and inject it into every process, use AppInit_DLLs or both methods. I recommend AppInit_DLLs, and injecting only after initial installation.

The "hider" thereby refers to your software, which drops and installs the DLL.

And to have only one file, you should deploy r77.dll in the resources of your software and unpack it upon installation.