Project Ares Injector is a Proof of Concept (PoC) loader written in C/C++ based on the
[external link removed] technique. The loader injects a PE into a remote process and features:
- PPID spoofing
- CIG to block non-Microsoft-signed binaries
- Dynamic function resolution without or APIs
- API hashing
- Unhooks NTDLL by refreshing the section with a clean version from disk
- Minimized use of WIN32 APIs
- Basic sandbox detection
- AES256 CBC encrypted payload loaded from PE resources
The loader is currently 64-bit only and supports only 64-bit payloads.
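Detection-side example, added here and not part of the project: PPID spoofing forges the parent recorded in process-creation logs, but in the Microsoft-Windows-Kernel-Process ProcessStart ETW event the header's process id is the process that actually issued the create call, while the payload's ParentProcessID is the (spoofable) parent handle. Comparing the two exposes the spoof. The event records below are constructed, and the JSON field names are assumptions rather than any tool's real export format.

```python
import json

# Constructed sample events (JSON lines) modelled on Kernel-Process ProcessStart
# records. Field names are assumed, not a real tool's schema.
SAMPLE_EVENTS = """
{"header": {"ProcessId": 4321, "Image": "explorer.exe"}, "payload": {"ProcessID": 5000, "ParentProcessID": 4321, "ImageName": "notepad.exe"}}
{"header": {"ProcessId": 6100, "Image": "loader.exe"}, "payload": {"ProcessID": 6200, "ParentProcessID": 4321, "ImageName": "svchost.exe"}}
{"header": {"ProcessId": 4321, "Image": "explorer.exe"}, "payload": {"ProcessID": 6300, "ParentProcessID": 4321, "ImageName": "cmd.exe"}}
"""


def parse_events(text):
    """Parse one JSON object per non-empty line into a list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_ppid_spoofing(events):
    """Return (child_pid, claimed_parent_pid, real_creator_pid) for every event whose
    claimed parent differs from the process that actually made the create call."""
    hits = []
    for ev in events:
        creator = ev["header"]["ProcessId"]        # who called the create API
        claimed = ev["payload"]["ParentProcessID"]  # parent handle passed in (spoofable)
        if creator != claimed:
            hits.append((ev["payload"]["ProcessID"], claimed, creator))
    return hits


if __name__ == "__main__":
    for child, claimed, creator in find_ppid_spoofing(parse_events(SAMPLE_EVENTS)):
        print(f"PID {child}: claims parent {claimed}, actually created by {creator}")
```

Legitimate mismatches exist (for example, processes started via the UAC or AppInfo service), so treat a hit as a triage signal to be correlated with the creator's image, not as a verdict on its own.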