Locked PE Obfuscator [C++/C]

By itsMe
April 27, 2023 in Source Code

Followers 0

Start new topic

Recommended Posts

itsMe

Posted April 27, 2023

- Share

Posted April 27, 2023

This is the hidden content, please

PE obfuscator with Evasion in mind , needs Admin Privilege in order to load RTCore64 driver.

The Obfuscator :

- Gets xored Fileless PE from a remote server
- Drop the Loader in the disk
- Add random section to that Loader
- Add the xored Fileless PE to the new created Loader section

The Loader :

- Unhook ntdll from knowndlls
- Drop RTCore64 to the disk
- Load/Install RTCore64
- Exploit RTCore64 to Remove Kernel Callbacks
- xor PE
- Map/Load PE from the added Section
- Stomped a big module that fit the PE.

This is the hidden content, please

Link to comment

Share on other sites

This topic is now closed to further replies.

Followers 0

Go to topic listing

Similar Content
- Batch Obfuscator v2.0
  
  By itsMe, March 7, 2023
  - v2.0
  - obfuscator
  - (and 1 more)
    
    Tagged with:
    
    v2.0
    
    obfuscator
    
    batch
  - 0 replies
  - 348 views
- Batch Obfuscator
  
  By itsMe, April 19, 2023
  - batch
  - obfuscator
  - 1 reply
  - 217 views
- AutoEye + Au3engine [C++/C]
  
  By itsMe, April 18, 2023
  - autoeye
  - au3engine
  - (and 1 more)
    
    Tagged with:
    
    autoeye
    
    au3engine
    
    [c++/c]
  - 0 replies
  - 157 views
- Nobfu Obfuscator
  
  By itsMe, April 12, 2023
  - nobfu
  - obfuscator
  - 0 replies
  - 195 views
- JavaScript Obfuscator Tool Online
  
  By dEEpEst, April 9, 2023
  - tool
  - obfuscator
  - (and 2 more)
    
    Tagged with:
    
    tool
    
    obfuscator
    
    javascript
    
    online
  - 0 replies
  - 283 views

Sign In

Locked PE Obfuscator [C++/C]

Recommended Posts

itsMe

Link to comment

Share on other sites

Similar Content

Batch Obfuscator v2.0

Batch Obfuscator

AutoEye + Au3engine [C++/C]

Nobfu Obfuscator

JavaScript Obfuscator Tool Online

Browse

Activity

Store

Important Information