
Releases: ProcessusT/LoadThat-PEandAssembly

DLL section stomping Edition

02 Apr 05:55


This release introduces a polymorphic PE loader embedding a mimikatz x64 payload encoded via a 10,000-word English dictionary.
Each byte is mapped to a unique word, split into randomly-sized shuffled chunks, and reconstructed at runtime.

Improvements over previous editions:

  • RC4 stream cipher encryption — payload encrypted with a derived RC4 key, XOR-free, less pattern-recognizable than simple XOR loops
  • DLL section stomping — instead of anonymous VirtualAlloc regions (easily flagged), the encrypted payload is written directly into the .text section of a large legitimate DLL (ieframe.dll or equivalent), making the memory region appear backed by a real DLL on disk
  • Polymorphic chunking — payload split into randomly-sized chunks stored in shuffled order, unique binary on every generation
  • In-memory execution — decrypts, maps, resolves imports, relocates sections and transfers execution via a new thread
  • SHA-256 Proof-of-Work — ~40–50s anti-sandbox delay before execution
  • Stack strings — sensitive API names (LoadLibraryA, GetProcAddress, VirtualProtect...) built char-by-char at runtime
  • Full identifier randomization — all C++ function/variable names randomized at generation time
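The defensive counterpart to the section-stomping item above is a scanner that compares a loaded module's `.text` bytes in process memory against the same section in the DLL on disk: a region that is image-backed but whose contents no longer match the file is the signal. The routine below is an added example written for this page and is not part of the LoadThat-PEandAssembly project; it is a platform-independent comparison step only, so acquiring the two byte strings (reading the process region and mapping the on-disk PE) is assumed to be done by the caller, and the `.text` images it is run on are constructed sample data.

```python
"""Compare an image-backed code section in memory with its on-disk copy.

Section stomping overwrites a legitimate DLL's .text so the payload looks
file-backed. A memory scanner can still catch it by diffing the bytes the
process holds against the bytes the file on disk holds. This module is an
added illustration, not project code: it receives both byte strings from
the caller (e.g. via ReadProcessMemory plus a file mapping, which is
assumed and not shown) and reports contiguous divergent runs.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class StompVerdict:
    divergent_bytes: int
    runs: List[Tuple[int, int]]  # (offset, length) pairs within the section
    suspicious: bool


def divergent_runs(disk: bytes, mem: bytes) -> List[Tuple[int, int]]:
    """Return maximal (offset, length) runs where mem differs from disk."""
    runs: List[Tuple[int, int]] = []
    start = None
    n = min(len(disk), len(mem))
    for i in range(n):
        differs = disk[i] != mem[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, n - start))
    # Extra bytes present only in memory (beyond the on-disk size) also count
    if len(mem) > n:
        runs.append((n, len(mem) - n))
    return runs


def assess_section(
    disk: bytes, mem: bytes, *, min_run: int = 64, max_patched_bytes: int = 256
) -> StompVerdict:
    """Flag a section as stomped when a long contiguous run has changed.

    Small scattered differences are normal: OS hot-patching and EDR inline
    hooks rewrite a handful of bytes at function prologues. A payload
    written over the section produces at least one long run, so the rule
    keys on the longest run and on the total number of changed bytes.
    The two thresholds are assumed starting points, not tuned values.
    """
    runs = divergent_runs(disk, mem)
    total = sum(length for _, length in runs)
    longest = max((length for _, length in runs), default=0)
    suspicious = longest >= min_run or total > max_patched_bytes
    return StompVerdict(total, runs, suspicious)


# Constructed sample data: a 4 KiB on-disk .text made of one-byte filler
DISK_TEXT = bytes([0x90]) * 4096


def demo() -> Tuple[StompVerdict, StompVerdict]:
    """Run the check on two constructed in-memory variants of DISK_TEXT."""
    # Case 1: a 5-byte relative-jump hook at offset 0x100 (benign-looking)
    hooked = bytearray(DISK_TEXT)
    hooked[0x100:0x105] = b"\xe9\x00\x00\x00\x00"
    # Case 2: a 2 KiB blob written over the section at offset 0x200 (stomped)
    stomped = bytearray(DISK_TEXT)
    stomped[0x200:0xA00] = bytes([0xCC]) * 2048
    return assess_section(DISK_TEXT, bytes(hooked)), assess_section(DISK_TEXT, bytes(stomped))


if __name__ == "__main__":
    for label, verdict in zip(("hooked", "stomped"), demo()):
        print(label, verdict)
```

Before diffing real modules, the on-disk section should have base relocations applied for the module's actual load address; otherwise every relocated absolute address shows up as a false divergence. Import thunks live outside `.text` in typical builds, but any section the scanner covers beyond `.text` needs the same normalisation.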

Disclaimer: This release is purely for educational and research purposes. Use responsibly.