Win_Rootkit
A kernel-mode rootkit with remote control whose driver uses the C++ runtime.
Uses DKOM and IRP hooks.
Hides processes, manipulates tokens, hides TCP network connections by port, and more.
Demo screenshots (images not included in this copy):
- Hiding TCP network connections
- Hiding processes
- Process elevation (token manipulation)
Tested on Windows 7 SP1
Features
- Elevate process privileges to NT AUTHORITY\SYSTEM by token manipulation
- Hide process by unlinking from ActiveProcessLinks
- Remote command execution
- A remote keylogger
- Dropper
- TCP connection hiding by port (IRP hooking)
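Hiding a process by unlinking its EPROCESS from ActiveProcessLinks only affects code paths that walk that list (Task Manager, tasklist, Get-Process via NtQuerySystemInformation). A handle-based lookup by PID goes through PspCidTable instead, so the hidden process still answers to OpenProcess. The following cross-view check is an added defender-side example written for this page; it is not part of Win_Rootkit and the function names are the author's own. It assumes Windows 7 or later and an elevated PowerShell session.

```powershell
# Constructed example (not project code): cross-view detection of processes
# unlinked from ActiveProcessLinks. List view = Get-Process; handle view = PID probe.
Add-Type @"
using System;
using System.Runtime.InteropServices;
public static class NativeMethods {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);
    [DllImport("psapi.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern uint GetProcessImageFileNameW(IntPtr hProcess, System.Text.StringBuilder lpImageFileName, uint nSize);
}
"@

$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000   # available since Vista
$ERROR_ACCESS_DENIED = 5                      # PID exists, but caller lacks rights

function Get-PidsByHandleProbe {
    # Walk the PID space (PIDs are multiples of 4). OpenProcess resolves the PID
    # through PspCidTable, so a process unlinked from ActiveProcessLinks still answers.
    $found = @{}
    for ($id = 4; $id -lt 65536; $id += 4) {
        $h = [NativeMethods]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, [uint32]$id)
        if ($h -ne [IntPtr]::Zero) {
            $sb = New-Object System.Text.StringBuilder 1024
            [void][NativeMethods]::GetProcessImageFileNameW($h, $sb, $sb.Capacity)
            $found[$id] = $sb.ToString()
            [void][NativeMethods]::CloseHandle($h)
        } elseif ([Runtime.InteropServices.Marshal]::GetLastWin32Error() -eq $ERROR_ACCESS_DENIED) {
            # Protected or system process: it exists even though we cannot open it.
            $found[$id] = '<access denied>'
        }
    }
    return $found
}

function Find-HiddenProcesses {
    # Anything the handle probe sees that the list view does not is a candidate.
    $listed = @{}
    Get-Process | ForEach-Object { $listed[$_.Id] = $true }
    $probed = Get-PidsByHandleProbe
    $probed.Keys | Where-Object { -not $listed.ContainsKey($_) } | ForEach-Object {
        [pscustomobject]@{ PID = $_; ImagePath = $probed[$_] }
    }
}

Find-HiddenProcesses | Format-Table -AutoSize
```

Processes that start or exit between the two snapshots show up as transient false positives, so run the check twice and keep only PIDs flagged both times. The check is specific to the list-unlinking technique this project describes; a rootkit that also removes the PspCidTable entry would defeat it, which is why a memory-forensics pool scan is the stronger view.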