
x64 Win 10/11 Virus / PE infector + UAC bypass method tutorial

Submitted by Remio at 19-04-2025, 12:58 PM


Here we look at an x64 self-replication technique in a Win 10/11 environment.

This program is an x64 PE infector proof-of-concept. We demonstrate techniques such as encrypted payload injection, OEP redirection, stealthy UAC bypass, and recursive infection/self-replication with persistence. Built in C++ for modern Windows systems, it balances stealth and functionality while preserving the integrity of infected executables.

Designed for research and educational use.

- Bypasses the UAC prompt using the CMSTPLUA COM elevation moniker technique to prevent a prompt on modifying exes.

Features:
- 8 KB total (includes a 600-byte encrypted payload with MessageBoxA, file creation, and process execution)
- Injects an RWX .rdata section (auto-aligned, ASLR/PIE-compliant)
- XOR-encrypted payload with dynamic key
- Hashed API names to evade static analysis
- Random registry key names for persistence
- Recursive infection with anti-reinfection check
- Preserves imports, relocations, TLS, and CFG
- UAC bypass via CMSTPLUA COM interface for 0 prompts
- Written in C++ (MSVC), no external dependencies
- Optimized for Windows 10/11
- Asm shellcode included as hex byte array


PM for details
- Remy
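
Two of the artifacts this listing claims, an executable and writable `.rdata` section and a redirected entry point, are visible in a file's PE headers. The following static triage check is an added example, not code from the post; the function names and the headers-only sample images are constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
DATA_NAMES = {".rdata", ".data", ".rsrc", ".reloc", ".pdata"}  # normally non-executable

def parse_sections(pe: bytes):
    """Return (entry_point_rva, [(name, va, vsize, characteristics), ...])."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]           # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    entry = struct.unpack_from("<I", pe, nt + 24 + 16)[0]  # AddressOfEntryPoint
    table = nt + 24 + opt_size                            # first section header
    sections = []
    for i in range(nsec):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, chars = struct.unpack_from("<II20xI", pe, off + 8)
        sections.append((name, va, vsize, chars))
    return entry, sections

def triage(pe: bytes):
    entry, sections = parse_sections(pe)
    findings = []
    for name, va, vsize, chars in sections:
        x, w = bool(chars & IMAGE_SCN_MEM_EXECUTE), bool(chars & IMAGE_SCN_MEM_WRITE)
        if x and w:
            findings.append(f"{name}: writable and executable")
        if x and name in DATA_NAMES:
            findings.append(f"{name}: data-named section is executable")
        if w and va <= entry < va + max(vsize, 1):
            findings.append(f"{name}: entry point in writable section")
    return findings

def build_sample(sections, entry):
    """Constructed headers-only PE32+ image for the demo (no code or data)."""
    opt = struct.pack("<H14xI220x", 0x20B, entry)         # 240-byte optional header
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x22)
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, 0, 0, 0, 0, 0, 0, c)
                     for n, va, vs, c in sections)
    return dos + b"PE\0\0" + coff + opt + table

# Constructed samples: a normal layout, and one matching the listing's description.
CLEAN = build_sample([(".text", 0x1000, 0x800, 0x60000020), (".rdata", 0x2000, 0x400, 0x40000040)], 0x1000)
SUSPECT = build_sample([(".text", 0x1000, 0x800, 0x60000020), (".rdata", 0x2000, 0x400, 0xE0000020)], 0x2010)
```

Packers and some self-modifying runtimes also ship writable-executable sections, so these findings are triage signals to correlate with other evidence rather than a verdict.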