Description
Per-build obfuscated Zig-native x64 DLL that XOR-encodes and executes the sRDI shellcode payload in-memory.
Overview
Same approach as zig_clr_exe_x64 but produces a DLL. On DLL_PROCESS_ATTACH a thread is spawned that decodes the XOR-encoded sRDI shellcode and executes it, reflectively loading the .NET implant. Applies Shuffle-ZigFunctions and Inject-ZigStackJitter before compiling to diversify the binary on every build.
Invoke via: rundll32.exe payload.dll,Run
Parameters
| Name | Type | Description |
|---|---|---|
| Optimization | ZigOptimization | Optimization/build mode. Default: ReleaseSmall. |
| Architecture | ZigArchitecture | Target processor architecture (x86, x86_64, aarch64). Default: x86_64. |
| BuildId | string | The build to embed. Defaults to the current build. |