
Simplified x64 Win 10/11 Virus / PE infection + UAC bypass method tutorial

Submitted by Remio at 19-04-2025, 01:01 PM


Remio
#1
Here we look at an x64 self-replication technique in a Windows 10/11 environment.

This program is an x64 PE infector proof-of-concept. We demonstrate techniques such as encrypted payload injection, OEP redirection, stealthy UAC bypass, and recursive infection/self-replication with persistence. Built in C++ for modern Windows systems, it balances stealth and functionality while preserving the integrity of infected executables.

Designed for research and educational use.

Bypasses the UAC prompt using the CMSTPLUA COM elevation moniker technique, so no prompt appears when modifying exes.

Features:
- 8KB total (includes ~600-byte encrypted payload with MessageBoxA, file creation, and process execution)
- Injects RWX .rdata section (auto-aligned, ASLR/PIE-compliant)
- XOR-encrypted payload with dynamic key
- Hashed API names to evade static analysis
- Random registry key names for persistence
- Recursive infection with anti-reinfection checks
- Preserves imports, relocations, TLS, and CFG
- UAC bypass via CMSTPLUA COM interface for 0 prompts
- Written in C++ (MSVC), no external dependencies
- Optimized for Windows 10/11
- Asm shellcode included as hex byte array


PM for details - I still can't attach code blocks
- Remy
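Defensive aside, added here and not part of Remio's post or code: the feature list above names two header-level traits an infected executable would carry (a writable-and-executable `.rdata` section, and an original entry point redirected into that section). The Python triage script below parses PE section headers with `struct` only and flags both traits, which is the kind of static check a responder or a file scanner would run over a suspect binary. The PE images it scans are constructed header-only fixtures built inline by `build_pe` (not real binaries); all function names are my own.

```python
import struct
import sys

# Section characteristic flags, as defined in winnt.h
IMAGE_SCN_CNT_CODE             = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE          = 0x20000000
IMAGE_SCN_MEM_READ             = 0x40000000
IMAGE_SCN_MEM_WRITE            = 0x80000000


def parse_pe_headers(data):
    """Return (entry_point_rva, sections) from a raw PE image.

    Each section is a dict with name, vaddr, vsize and characteristics.
    Only headers are read, so a header-only fixture is sufficient input."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    # AddressOfEntryPoint is at offset 16 in both PE32 and PE32+ optional headers
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    first_section = opt + opt_size
    sections = []
    for i in range(num_sections):
        off = first_section + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr = struct.unpack_from("<II", data, off + 8)
        chars, = struct.unpack_from("<I", data, off + 36)
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize,
                         "characteristics": chars})
    return entry_rva, sections


def scan_pe(data):
    """Return finding tags for the header traits an infector of this kind leaves."""
    entry_rva, sections = parse_pe_headers(data)
    findings = []
    for s in sections:
        c = s["characteristics"]
        if c & IMAGE_SCN_MEM_WRITE and c & IMAGE_SCN_MEM_EXECUTE:
            findings.append("rwx-section:" + s["name"])       # W+X on any section
        if s["name"] == ".rdata" and c & (IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE):
            findings.append("rdata-not-readonly")             # .rdata should be R only
    # Locate the section containing the entry point and judge whether it looks like code
    entry_sec = next((s for s in sections
                      if s["vaddr"] <= entry_rva < s["vaddr"] + s["vsize"]), None)
    if entry_sec is None:
        findings.append("entry-outside-sections")
    else:
        c = entry_sec["characteristics"]
        if c & IMAGE_SCN_MEM_WRITE:
            findings.append("entry-in-writable:" + entry_sec["name"])
        if not c & IMAGE_SCN_CNT_CODE:
            findings.append("entry-not-code:" + entry_sec["name"])
    return findings


def build_pe(sections, entry_rva):
    """Constructed header-only PE32+ fixture for testing; not a loadable binary."""
    e_lfanew = 0x40
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xF0  # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)          # PE32+ magic
    struct.pack_into("<I", opt, 16, entry_rva)     # AddressOfEntryPoint
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                    vsize, vaddr, 0, 0, 0, 0, 0, 0, chars)
        for name, vaddr, vsize, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


# Constructed fixtures: a normal MSVC-style layout, and one showing the traits above
R, RW, RX = IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE
CLEAN_PE = build_pe([
    (".text",  0x1000, 0x2000, IMAGE_SCN_CNT_CODE | RX),
    (".rdata", 0x3000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | R),
    (".data",  0x4000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | RW),
], entry_rva=0x1100)
INFECTED_LIKE_PE = build_pe([
    (".text",  0x1000, 0x2000, IMAGE_SCN_CNT_CODE | RX),
    (".rdata", 0x3000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | RW | IMAGE_SCN_MEM_EXECUTE),
    (".data",  0x4000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | RW),
], entry_rva=0x3010)  # entry point moved into the now-RWX .rdata

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, scan_pe(f.read()) or "clean")
```

Run it as `python scan.py some.exe` to print the tags for a real file; an empty list only means these two header traits are absent, so treat it as one triage signal rather than a verdict.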
NovaProB
#2
imagine, using XOR-encryption xD why not aes or chacha20?
Remio
#3
05-05-2025, 07:16 PM NovaProB Wrote:
imagine, using XOR-encryption xD why not aes or chacha20?
View my other posts dumb fuck
Remio
#4
05-05-2025, 07:16 PM NovaProB Wrote:
imagine, using XOR-encryption xD why not aes or chacha20?
(PART 1: Introduction) Hybrid File Encryption Engine - RSA & ChaCha20