Comments (7)
I would probably start learning how to program
from pe-union.
@RyanSpeciale I already assume that everyone who wants to modify another developer's project already knows how to program well enough.
@bl4cklabel88
You need a service such as AntiScan.me, where you can scan with multiple AV without sending your test files to the vendors. That way, you can trial and error until you figure out what causes and what evades detection.
Modifications are primarily relevant to the first stage. This code only checks for emulators and decrypts the second stage. This second stage contains particularly malicious code that performs all the RunPE / dropping and whatever. So, at scantime all this stuff is encrypted. The first stage, however, needs adjustments.
Some things that could be flagged:
- Structure, layout & executable format
- Maybe AV has found the decryption routine? -> Change it
- Lack of anything useful that the binary does - may seem malicious
- I've already found that removing some of the emulator detection routines evades some AV. This might be a good place to start.
Whatever pops into your mind, try it out and upload to AntiScan.me. It's a tedious task that requires a lot of patience, but you will eventually succeed as long as you don't publish your modifications.
from pe-union.
@bytecode77 All his repos are forks, that's why I said that. I'm guessing it's a kid trying to write malware.
from pe-union.
I was just messing around, I thought you were some kid just trying to throw some malware together. Glad to see that you are not.
from pe-union.
I'm terrible at writing C
from pe-union.
Closing due to inactivity
from pe-union.