Description
Zig-native x64 DLL staged loader: downloads sRDI shellcode from the C2 at runtime and executes it from DllMain.
Overview
Same as zig_clr_staged_exe_x64 but produces a DLL. On DLL_PROCESS_ATTACH a thread downloads the sRDI shellcode and executes it in-memory. Applies Shuffle-ZigFunctions and Inject-ZigStackJitter before compiling to diversify the binary on every build.
Invoke via: rundll32.exe payload.dll,Run
Parameters
| Name | Type | Description |
|---|---|---|
| Optimization | ZigOptimization | Optimization/build mode. Default: ReleaseSmall. |
| Architecture | ZigArchitecture | Target processor architecture (x86, x86_64, aarch64). Default: x86_64. |
| BuildId | string | The build whose payload URL is embedded. Defaults to the current build. |