WMI Virus: Diskless Execution Achieved

2025-01-29

A proof-of-concept project named Stuxnet (the project's own name; it is unrelated to the 2010 industrial-control worm of the same name) demonstrates a virus that hides its malicious code inside the Windows Management Instrumentation (WMI) repository and so achieves diskless execution: no payload file is ever written to disk. WMI is treated as a storage layer, and a PowerShell script that runs at boot reads the payload back out of WMI and loads it directly into memory. The project also includes a privilege escalation technique the author describes as novel, together with anti-AV evasion measures such as loading system libraries on demand and resolving function addresses at run time instead of importing them, which the author reports let the sample evade detection by major antivirus products and sandboxes. The author further hints that WMI may offer a path to kernel-space exploitation.
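The technique leaves two artefacts in WMI that a defender can look for: a permanent event subscription whose consumer launches the PowerShell loader, and a custom class whose instances carry an unusually large string payload. The hunting script below is an added example written for this page; it is not code from the project described above. The namespaces it scans, the 4096-character size threshold, the loader keyword list and the event-log check (event 5861 in the WMI-Activity/Operational log, which records new permanent consumer registrations) are assumptions to tune for your own estate; run it in an elevated Windows PowerShell 5.1 session.

```powershell
# Added hunting script for the technique summarised above (not the project's own code).
# It looks for the two artefacts the technique leaves behind in WMI:
#   1. a permanent event subscription whose consumer runs PowerShell (the boot-time loader), and
#   2. a custom class whose instances hold a large string / string-array payload
#      (WMI used as storage for the in-memory stage).
# Namespaces, the size threshold and the keyword list are assumptions; tune them for your estate.
# Run in an elevated Windows PowerShell 5.1 session.

$namespaces    = @('root\default', 'root\subscription')   # assumed: where static payload classes usually land
$minBlobLength = 4096                                      # assumed threshold for "this string is a payload"
$loaderWords   = @('powershell', 'pwsh', 'FromBase64String', 'Invoke-Expression', 'IEX', 'Reflection')
$bootTriggers  = 'Win32_LocalTime|Win32_PerfFormattedData|__InstanceModificationEvent'   # heuristic: common boot/uptime triggers

function Find-WmiLoaderSubscription {
    # Permanent subscriptions survive reboots and fire without any file on disk.
    $consumers = foreach ($cls in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer') {
        Get-CimInstance -Namespace root\subscription -ClassName $cls -ErrorAction SilentlyContinue
    }
    foreach ($c in $consumers) {
        $body = if ($c.CimClass.CimClassName -eq 'CommandLineEventConsumer') { $c.CommandLineTemplate } else { $c.ScriptText }
        if (-not $body) { $body = '' }
        $hit = $loaderWords | Where-Object { $body -match [regex]::Escape($_) }
        [pscustomobject]@{
            Check      = 'Consumer'
            Name       = $c.Name
            Type       = $c.CimClass.CimClassName
            Suspicious = [bool]$hit
            Detail     = ($body -replace '\s+', ' ').Substring(0, [Math]::Min(200, $body.Length))
        }
    }
    # The filter decides when the consumer fires; uptime/clock based triggers are typical for a boot-time loader.
    Get-CimInstance -Namespace root\subscription -ClassName __EventFilter -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Check      = 'Filter'
                Name       = $_.Name
                Type       = '__EventFilter'
                Suspicious = [bool]($_.Query -match $bootTriggers)
                Detail     = $_.Query
            }
        }
}

function Find-WmiPayloadClass {
    # A payload stored "in" WMI shows up as a class instance with an oversized string property.
    foreach ($ns in $namespaces) {
        $classes = Get-CimClass -Namespace $ns -ErrorAction SilentlyContinue |
                   Where-Object { $_.CimClassName -notlike '__*' }      # skip WMI system classes
        foreach ($cls in $classes) {
            $instances = Get-CimInstance -Namespace $ns -ClassName $cls.CimClassName -ErrorAction SilentlyContinue
            foreach ($inst in $instances) {
                foreach ($p in $inst.CimInstanceProperties) {
                    if ("$($p.CimType)" -notin 'String', 'StringArray') { continue }
                    $len = 0
                    foreach ($s in @($p.Value)) { if ($s) { $len += "$s".Length } }   # arrays = chunked storage
                    if ($len -ge $minBlobLength) {
                        [pscustomobject]@{
                            Check      = 'PayloadBlob'
                            Name       = "$ns\$($cls.CimClassName).$($p.Name)"
                            Type       = "$($p.CimType)"
                            Suspicious = $true
                            Detail     = "$len characters"
                        }
                    }
                }
            }
        }
    }
}

function Find-WmiConsumerRegistrationEvent {
    # Event 5861 records a new permanent event consumer registration, i.e. when the persistence was installed.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-WMI-Activity/Operational'; Id = 5861 } `
                 -MaxEvents 50 -ErrorAction SilentlyContinue |
        ForEach-Object {
            $msg = if ($_.Message) { $_.Message } else { '' }
            [pscustomobject]@{
                Check      = 'Event5861'
                Name       = $_.TimeCreated
                Type       = 'Registration'
                Suspicious = [bool]($msg -match ($loaderWords -join '|'))
                Detail     = ($msg -replace '\s+', ' ').Substring(0, [Math]::Min(200, $msg.Length))
            }
        }
}

$findings = @(Find-WmiLoaderSubscription) + @(Find-WmiPayloadClass) + @(Find-WmiConsumerRegistrationEvent)
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

The blob scan is deliberately limited to root\default and root\subscription: those namespaces hold mostly static, non-provider-backed classes, so a large string there has no legitimate reason to exist, whereas root\cimv2 is large, provider-backed and slow to enumerate instance by instance. A clean host normally returns no consumers and no filters at all in root\subscription, so any row in those two checks deserves a look even when it is not flagged by the keyword heuristic.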

Tags: Development, antivirus evasion