Simple C Downloader

SorrowMalw

Finished a fun project, this was a nice little challenge, and now I'm releasing it.
This is a downloader/dropper, 90% C, 10% ASM.

I finished a similar downloader using the "classic" hosting method, and I realised it was kind of a pain in the ass to find a good hoster that offers direct download of exe files.
So this project uses Pastebin, GitHub, or any other Pastebin-like site; no need to host your payload in the clear on a classic file hoster.


Features:
- Currently 0/56
- Uses GitHub or Pastebin as host for your payload
- Native
- Hosted payload is encrypted and hashed


Detailed features:
- Finding & calling WinAPI using hashes
- Hidden WinAPI calls
- 4-5 KB stub (for compatibility reasons with W10, otherwise it is 2 KB)
- Bypassing scantime dynamic analysis of opcodes from AVs (this was the fun part)





(Funny how the "legit" files are more detected than the payload)



Instructions:
1- Get the encrypted string of your crypted.exe using Encryptor.exe; use "Encrypt EXE.bat" or Encryptor.exe <filename>

2- Upload the string to any text site. I tested: (150 KB max) and (1 MB max)
NOTE: don't forget to use the RAW URL, like:

3- Patch the stager using Patcher.exe; use "Generate EXE.bat" or Patcher.exe <URL>

4- Profit ??? downloader.exe is the output file and is ready to be used.
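
For defenders, the delivery pattern the post describes (a small stub pulling an encoded text blob from a raw Pastebin or GitHub URL) can be triaged from proxy or EDR network events. The following is an added example, not part of the original post or the tool; the event fields, browser allow-list, size threshold and sample events are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Raw-content endpoints for the two hosts the post names. Assumption: these
# host/path prefixes; add other paste-like sites seen in your environment.
RAW_ENDPOINTS = {"pastebin.com": "/raw/", "raw.githubusercontent.com": "/"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allow-list
MIN_BLOB_BYTES = 4096  # assumed threshold for "large" text responses

# Constructed sample events (proxy log joined with process image), not real data.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\a\Downloads\invoice.exe", "ctype": "text/plain",
     "url": "https://pastebin.com/raw/EXAMPLE01", "bytes": 148210},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ctype": "text/plain", "url": "https://pastebin.com/raw/EXAMPLE02", "bytes": 900},
    {"image": r"C:\Program Files\Git\mingw64\bin\curl.exe", "ctype": "text/plain",
     "url": "https://raw.githubusercontent.com/example/repo/main/install.sh", "bytes": 2100},
    {"image": r"C:\Tools\updater.exe", "ctype": "application/json",
     "url": "https://example.com/raw/config", "bytes": 512},
]

def is_raw_paste_url(url):
    """True when the URL points at raw (unrendered) content on a listed host."""
    parts = urlparse(url)
    prefix = RAW_ENDPOINTS.get((parts.hostname or "").lower())
    return prefix is not None and parts.path.startswith(prefix) and len(parts.path) > len(prefix)

def triage(events):
    """Return scored findings, highest first; score 1 alone is often dev tooling."""
    findings = []
    for ev in events:
        path = ev["image"].replace("\\", "/").lower()
        name = path.rsplit("/", 1)[-1]
        if name in BROWSERS or not is_raw_paste_url(ev["url"]):
            continue
        reasons = ["non-browser process fetched raw paste content"]
        if ev["ctype"].startswith("text/plain") and ev["bytes"] >= MIN_BLOB_BYTES:
            reasons.append("large text blob, consistent with an encoded payload")
        if "/users/" in path or "/temp/" in path:
            reasons.append("process image in a user-writable location")
        findings.append({"image": name, "url": ev["url"],
                         "score": len(reasons), "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["score"], f["image"], f["url"], "; ".join(f["reasons"]))
```

Legitimate developer tooling fetches raw GitHub content constantly, so the score is meant for ranking, with single-reason hits reviewed against a per-environment allow-list.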