Independent Malware
The general process injection malware that we wrote earlier won’t actually work on other machines, because it requires some DLLs provided by Visual Studio in order to run. There’s no use in developing something you can’t run on another machine. DLL stands for Dynamic Link Library; a DLL generally contains code that can be used by other programs. There are a lot of advantages to doing so, which can be read about in Microsoft’s official documentation.
Capt. Meelo has done a great job of explaining how we can achieve that in his blog post, so I will just highlight the things he mentioned plus a few things that seemed interesting to me.
Getting Rid of CRT (C Runtime Library) - Project → Properties → C/C++ → Code Generation → Runtime Library → Multi-threaded

Ignore Default Libraries - Project → Properties → Linker → Input → Ignore all default libraries → Yes

Set Entry Point to main

Note that this can be any other function as well.
Disabling Security Check

These are the ones mentioned in the blog post. Apart from these, I also faced a different error about _RTC_InitBase and 2 others like that; after poking around, I fixed it by changing the value of Basic Runtime Checks to Default.

Now after checking the other settings as well, here are a few things that I found would be better to change.
Switch to “Release” mode; this is always preferable once the malware has been developed or is in its final stage.

No need to use Debug libraries

No need to generate debug info
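Whether a built executable still depends on the Visual Studio runtime DLLs mentioned at the top can be checked by reading its import directory, which is also what an analyst looks at first when triaging a sample. The following is an added example, not code from this post or from Capt. Meelo's blog; the list of CRT name prefixes is an assumption and not exhaustive, and the sample image is constructed inline.

```python
import struct

# Assumed, non-exhaustive name prefixes of the Visual C++ / Universal CRT DLLs.
CRT_PREFIXES = ("vcruntime", "msvcr", "msvcp", "ucrtbase", "api-ms-win-crt-")

def imported_dlls(pe: bytes) -> list:
    """Return the lower-cased DLL names listed in a PE file's import directory."""
    nt, = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, = struct.unpack_from("<H", pe, nt + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, nt + 20)   # SizeOfOptionalHeader
    opt = nt + 24
    magic, = struct.unpack_from("<H", pe, opt)          # 0x10B = PE32, 0x20B = PE32+
    dirs = opt + (112 if magic == 0x20B else 96)
    imp_rva, = struct.unpack_from("<I", pe, dirs + 8)   # data directory 1 = imports
    # (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per section
    secs = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8) for i in range(nsec)]

    def off(rva):                                       # RVA -> file offset
        for vsize, va, rsize, rptr in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + rptr
        raise ValueError(f"RVA {rva:#x} is outside every section")

    names, pos = [], off(imp_rva) if imp_rva else None
    while pos is not None:
        desc = struct.unpack_from("<5I", pe, pos)       # IMAGE_IMPORT_DESCRIPTOR
        if not any(desc):                               # all-zero entry ends the table
            break
        start = off(desc[3])                            # Name RVA
        names.append(pe[start:pe.index(b"\0", start)].decode("ascii").lower())
        pos += 20
    return names

def crt_dependencies(pe: bytes) -> list:
    return [d for d in imported_dlls(pe) if d.startswith(CRT_PREFIXES)]

def build_sample(dlls) -> bytes:
    """Constructed minimal PE32 image whose only section is an import table."""
    rva, table = 0x1000 + 20 * (len(dlls) + 1), b""
    for d in dlls:
        table += struct.pack("<5I", 0, 0, 0, rva, 0)
        rva += len(d) + 1
    body = table + bytes(20) + b"".join(d.encode() + b"\0" for d in dlls)
    hdr = (b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
           + struct.pack("<H", 0x10B) + bytes(102) + struct.pack("<II", 0x1000, len(body))
           + bytes(112) + b".idata\0\0"
           + struct.pack("<4I", len(body), 0x1000, len(body), 0x200) + bytes(16))
    return hdr.ljust(0x200, b"\0") + body
```

On a real file, pass the bytes read from disk to `crt_dependencies`; an empty list means no import descriptor names a DLL matching the assumed prefixes.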

This should be it. If you have followed till here, thanks :). If you feel like I have missed something or made a mistake, feel free to reach out to me on Twitter.