A kernel-mode rootkit with remote control that uses the C++ runtime in its driver.
Uses DKOM (Direct Kernel Object Manipulation) and IRP hooks.
Hides processes, manipulates access tokens, and hides TCP network connections by port.
Tested on Windows 7 SP1
- Elevate process privileges to NT AUTHORITY\SYSTEM by token manipulation
- Hide a process by unlinking its EPROCESS from the ActiveProcessLinks list
- Remote command execution
- A remote keylogger
- Dropper
- TCP connection hiding by port (IRP hooking)
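The process-hiding item above is the classic DKOM unlink: the driver finds the target's EPROCESS in the doubly-linked list anchored at PsActiveProcessHead and splices it out, so anything that enumerates processes by walking that list no longer sees it. The following is an added, user-mode C simulation of that step and of the cross-view check a detector uses against it; it is not code from this project's driver. The structure names (LIST_ENTRY, EPROCESS, PsActiveProcessHead) mirror the kernel's, but the field layout, the PID values and the process names are constructed for the example, and the PID-table stand-in is a plain array rather than the kernel's PspCidTable. Two caveats the simulation makes visible: the hidden process keeps running because the scheduler does not use this list, and a second enumeration source that is not the list (here, the PID table) reveals the gap.

```c
/* DKOM process hiding, simulated in user mode (added example; not the rootkit's driver).
 * Names mirror the Windows kernel; layouts and sample data are simplified/constructed. */
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <stdint.h>

typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY;

/* Simplified EPROCESS: only the fields the technique touches (assumed layout). */
typedef struct _EPROCESS {
    uint32_t   UniqueProcessId;
    LIST_ENTRY ActiveProcessLinks;
    char       ImageFileName[16];
} EPROCESS;

#define CONTAINING_RECORD(addr, type, field) \
    ((type *)((char *)(addr) - offsetof(type, field)))

#define NPROC 4
static LIST_ENTRY PsActiveProcessHead;   /* list head, as in the kernel */
static EPROCESS   procs[NPROC];          /* stand-in for the PID table: every process, by slot */

static void InitializeListHead(LIST_ENTRY *h) { h->Flink = h->Blink = h; }
static void InsertTailList(LIST_ENTRY *h, LIST_ENTRY *e) {
    e->Flink = h; e->Blink = h->Blink; h->Blink->Flink = e; h->Blink = e;
}

/* Build a small constructed process list: PIDs 4, 8, 12, 16. */
void setup(void) {
    const char *names[NPROC] = {"System", "svchost.exe", "explorer.exe", "implant.exe"};
    InitializeListHead(&PsActiveProcessHead);
    for (int i = 0; i < NPROC; i++) {
        procs[i].UniqueProcessId = (uint32_t)(4 + i * 4);
        memset(procs[i].ImageFileName, 0, sizeof procs[i].ImageFileName);
        strncpy(procs[i].ImageFileName, names[i], sizeof procs[i].ImageFileName - 1);
        InsertTailList(&PsActiveProcessHead, &procs[i].ActiveProcessLinks);
    }
}

/* The DKOM step: unlink the target EPROCESS from ActiveProcessLinks. The entry is then
 * pointed at itself so that a later RemoveEntryList on it (e.g. at process exit) touches
 * only the hidden entry instead of corrupting the neighbours it no longer has. */
int hide_process(uint32_t pid) {
    for (LIST_ENTRY *e = PsActiveProcessHead.Flink; e != &PsActiveProcessHead; e = e->Flink) {
        EPROCESS *p = CONTAINING_RECORD(e, EPROCESS, ActiveProcessLinks);
        if (p->UniqueProcessId == pid) {
            e->Blink->Flink = e->Flink;
            e->Flink->Blink = e->Blink;
            e->Flink = e->Blink = e;
            return 1;
        }
    }
    return 0;   /* not in the list (never existed, or already hidden) */
}

/* What a list-walking enumerator sees after the unlink. */
int count_linked(void) {
    int n = 0;
    for (LIST_ENTRY *e = PsActiveProcessHead.Flink; e != &PsActiveProcessHead; e = e->Flink) n++;
    return n;
}

/* Cross-view detection: enumerate from the PID table instead and report every process
 * that the list walk cannot reach. Returns the number of hidden PIDs written to out. */
int find_hidden(uint32_t *out, int max) {
    int n = 0;
    for (int i = 0; i < NPROC; i++) {
        int seen = 0;
        for (LIST_ENTRY *e = PsActiveProcessHead.Flink; e != &PsActiveProcessHead; e = e->Flink)
            if (CONTAINING_RECORD(e, EPROCESS, ActiveProcessLinks) == &procs[i]) { seen = 1; break; }
        if (!seen && n < max) out[n++] = procs[i].UniqueProcessId;
    }
    return n;
}

/* Convenience for callers: first hidden PID, or 0 if the two views agree. */
uint32_t first_hidden_pid(void) {
    uint32_t h[NPROC];
    return find_hidden(h, NPROC) > 0 ? h[0] : 0;
}

int main(void) {
    setup();
    printf("linked before: %d\n", count_linked());
    hide_process(16);                               /* hide implant.exe */
    printf("linked after:  %d\n", count_linked());
    printf("cross-view hidden PID: %u\n", first_hidden_pid());
    return 0;
}
```

The detector side is the point to take from this: a single unlink defeats only enumerators that trust ActiveProcessLinks, so a live-response tool or memory-forensics plugin that compares the list walk against another source (the PID table, thread scheduling structures, handle tables) flags the discrepancy immediately.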