Skip to content

marcusbotacin/Dropper

master
Switch branches/tags
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 

Dropper

Multiple ways to embed an executable as a PE resource, drop, and launch it in runtime.

Created for educational purposes. Use at your own risk!

Available Material

  • The filesystem.exe directory hosts a project for an EXE binary that drops tha payload to the filesystem and creates the process from it.
  • The filesystem.dll directory hosts a project for a DLL binary that drops tha payload to the filesystem and creates the process from it.
  • The inmemory.dll directory hosts a project for a DLL binary that drops a payload to a copy of its own process' memory.
  • The inmemory.filesystem.dll directory hosts a project for a DLL binary that drops a payload to the disk and replace it in memory with another payload also extracted from itself.
  • The bin.samples directory hosts sample binaries for testing purposes.
  • The utils directory hosts helper functions.

Usage

This dropper has been used in my (our) participation in the MLSEC competition link here

The Adversarial Malware in Machine Learning Detectors: Our MLSEC 2020’s SECRETs blog post describing our 2020's participation is available here

Publications

The article Shallow Security: on the Creation of Adversarial Variants to Evade Machine Learning-Based Malware Detectors published in the Reversing and Offensive-oriented Trends Symposium 2019 (ROOTS) made use of this dropper. Check Here.

The article No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-based Adversarial Samples published in the Reversing and Offensive-oriented Trends Symposium 2020 (ROOTS) made use of this dropper. Check Here.

About

Embed an executable as a PE resource, drops and launches it in runtime.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages