APCGO

module

v0.0.0-...-4d0e4ef Latest Latest Go to latest Published: Mar 13, 2024 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jonathankirtland/APCGO

Links

Open Source Insights

README ¶

APCGO

This is a module which allows for APC Injection into a remote process written in go, encryption and decryption of a payload, and some staging. it contains a few evasive techniques, nothing novel. Educational purposes only im not liable for what you do with it.

Packages in `pkg` directory

This directory contains the following packages:

`encryption`

This package provides functions for AES-256 encryption and decryption. It includes functions for padding data, converting byte slices to strings of hex values, reading payloads to files, and reading files to extract components or without extracting components.

Key functions include:

Aes256: Encrypts the data with the key and returns the encrypted data and IV.
EncryptPayload: Encrypts the payload with the key and returns the encrypted payload, IV, and key.
ReadPayloadToFile: Writes the payload to a file.
ReadFileAndExtractComponents: Reads data from the file, extracts the key, IV, and payload.
ReadFileWithoutComponents: Reads data from the file without separating the key, IV, and payload.
DecryptAES: DecryptAES decrypts a ciphertext using the given key and IV

`selfdelete`

This package provides functions for self-deleting executables in Windows. It includes functions for opening a handle to the file to be deleted, renaming the file to a random stream name, marking the file to be deleted on close, and deleting the current running executable.

Key functions include:

SelfDeleteExe: Deletes the current running executable.

`stalling`

This package contains CalculatePrimes which is used to delay execution in sandbox environments

`injection`

This package executes shellcode in a child process using the following steps:

Create a child proccess in a suspended state with CreateProcessW
Allocate RW memory in the child process with VirtualAllocEx
Write shellcode to the child process with WriteProcessMemory
Change the memory permissions to RX with VirtualProtectEx
Add a UserAPC call that executes the shellcode to the child process with QueueUserAPC
Resume the suspended program with ResumeThread function

inject: injects shellcode into a remote process.

Directories ¶

Path	Synopsis
cmd
decryption
encryption
pkg
encryption
injection This package executes shellcode in a child process using the following steps:	This package executes shellcode in a child process using the following steps:
self_delete
stalling

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

README ¶

APCGO

Packages in pkg directory

encryption

selfdelete

stalling

injection

Directories ¶

Packages in `pkg` directory

`encryption`

`selfdelete`

`stalling`

`injection`