C6appybara/GoneGhost

PROJECT: GoneGhost

ProcVanish

Description

I have been working on this ring3 rootkit to hide processes, files/folders, registry keys and more. I have taken inspiration from @bytecode77 for his r77 rootkit. There are many more future changes that I want to make, but because of my limited time, updates may take some time. I am still a new malware dev, so expect bugs and issues!!

FEATURES:

  • Hide processes via NtQuerySystemInformation hook.
  • Hide files/folders via NtQueryDirectoryFile hook. (NtQueryDirectoryFileEx needs some work.)
  • Hide registry keys from the registry via NtEnumerateKey and NtEnumerateValueKey hook.
  • Uses the Detours hooking library to hook these functions.
  • Hides files, folders, registry keys, and processes by name prefix.
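From the detection side, hooks of this kind are visible in the first bytes of the hooked ntdll exports, because an inline hook overwrites the start of the function with a jump. The following is an added example, not code from this repository: it classifies 12-byte prologues of the four functions named above against the usual x64 syscall stub. The addresses, syscall numbers and jump targets are constructed sample data, and on a live system the bytes would be read from the target process's ntdll.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum stub_state { STUB_CLEAN, STUB_HOOKED_JMP, STUB_MODIFIED };
struct sample { const char *name; uint64_t va; uint8_t bytes[12]; };

/* Constructed data: addresses, syscall numbers and jump targets are made up. */
static const struct sample SAMPLES[] = {
    { "NtQuerySystemInformation", 0x7FFA10001000ULL,   /* jmp rel32 */
      { 0xE9, 0x00, 0x00, 0x10, 0x00, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC } },
    { "NtQueryDirectoryFile", 0x7FFA10001020ULL,       /* mov rax, imm64 ; jmp rax */
      { 0x48, 0xB8, 0x00, 0x10, 0x00, 0x20, 0xFA, 0x7F, 0x00, 0x00, 0xFF, 0xE0 } },
    { "NtEnumerateKey", 0x7FFA10001040ULL,             /* untouched stub */
      { 0x4C, 0x8B, 0xD1, 0xB8, 0x32, 0x00, 0x00, 0x00, 0xF6, 0x04, 0x25, 0x08 } },
    { "NtEnumerateValueKey", 0x7FFA10001060ULL,        /* jmp qword ptr [rip+disp32] */
      { 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x20, 0xFA, 0x7F } },
};
#define N_SAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

/* Classify the first bytes of an x64 ntdll Nt* export. */
enum stub_state classify_stub(const uint8_t *p, size_t len) {
    static const uint8_t clean[4] = { 0x4C, 0x8B, 0xD1, 0xB8 }; /* mov r10,rcx ; mov eax,imm32 */
    if (len < 12) return STUB_MODIFIED;             /* too short to judge: treat as suspect */
    if (memcmp(p, clean, sizeof clean) == 0) return STUB_CLEAN;
    if (p[0] == 0xE9 || (p[0] == 0xFF && p[1] == 0x25)) return STUB_HOOKED_JMP;
    if (p[0] == 0x48 && p[1] == 0xB8 && p[10] == 0xFF && p[11] == 0xE0) return STUB_HOOKED_JMP;
    return STUB_MODIFIED;                           /* changed, but not a known jump form */
}

/* Destination of an E9 (jmp rel32) instruction located at virtual address va. */
uint64_t jmp_rel32_target(const uint8_t *p, uint64_t va) {
    uint32_t d = p[1] | (uint32_t)p[2] << 8 | (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24;
    return va + 5 + (uint64_t)(int64_t)(int32_t)d;  /* relative to the next instruction */
}

/* Number of samples whose prologue is not the expected syscall stub. */
size_t count_patched(void) {
    size_t n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        n += classify_stub(SAMPLES[i].bytes, sizeof SAMPLES[i].bytes) != STUB_CLEAN;
    return n;
}

int main(void) {
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("%-26s %s\n", SAMPLES[i].name,
               classify_stub(SAMPLES[i].bytes, 12) == STUB_CLEAN ? "clean" : "PATCHED");
    return 0;
}
```

Security products also place inline hooks in ntdll, so a patched prologue is a lead rather than a verdict: resolve the jump target and check which module owns it.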

Current task

  1. Indirect syscalls.
  2. API hashing, if needed.
  3. String hashing.

Next up

Work on an evasive payload injector:

  1. Shellcode reflective DLL injection.

Later date
