Locked LaZzzy: shellcode loader

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries.

Features

    Direct syscalls and native (Nt*) functions (not all functions but most)
    Import Address Table (IAT) evasion
    Encrypted payload (XOR and AES)
        Randomly generated key
        Automatic padding (if necessary) of payload with NOPS (\x90)
        Byte-by-byte in-memory decryption of the payload
    XOR-encrypted strings
    PPID spoofing
    Blocking of non-Microsoft-signed DLLs
    (Optional) Cloning of PE icon and attributes
    (Optional) Code signing with spoofed cert

This is the hidden content, please

• Sign In
• or
• Sign Up