META TWIN

=================================================================
 ___ ___    ___ ______   ____      ______  __    __  ____  ____
|   |   |  /  _]      | /    |    |      ||  |__|  ||    ||    \
| _   _ | /  [_|      ||  o  |    |      ||  |  |  | |  | |  _  |
|  \_/  ||    _]_|  |_||     | -- |_|  |_||  |  |  | |  | |  |  |
|   |   ||   [_  |  |  |  _  | --   |  |  |        | |  | |  |  |
|   |   ||     | |  |  |  |  |      |  |   \      /  |  | |  |  |
|___|___||_____| |__|  |__|__|      |__|    \_/\_/  |____||__|__|
=================================================================
Author: @joevest
=================================================================

The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into another. Note: Signatures are copied, but no longer valid.

This project is based on a technique I've used for a few years. This has been updated and modified to include copying digital signatures.

Thanks @subtee for the tweet that encouraged this project to be updated and published!

A blog post on this topic can be found at threatexpress.com

Resources

Note: SigThief and Resource Hacker may not detect valid metadata or digital signature. This project may switch to a different tool set, but for now, be aware of potential limitations.

Install

  • Clone this project
  • Download and unzip Resource Hacker to .\src\resource_hacker\ResourceHacker.exe
  • Enjoy...

Description

A version of this project has existed for several years to help a binary blend into a target environment by modifying its metadata. A binary's metadata can be replaced with the metadata of a source file. This includes values such as Product Name, Product Version, File Version, Copyright, etc. In addition to standard metadata, SigThief is now used to copy a digital signature.
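From the defender's side, the note that copied signatures are no longer valid is the useful part: cloned version metadata can be caught by comparing what a file claims in its version resource against what Windows reports for its Authenticode signature. The following is an added example, not part of MetaTwin; the function name, the `Publisher` parameter and the path in the usage comment are assumptions.

```powershell
# Added defensive example; not part of MetaTwin.
# Lists binaries whose version resource claims a publisher that the
# Authenticode signature does not back up.
function Find-MetadataSignatureMismatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,   # directory to sweep (assumption)
        [string]$Publisher = 'Microsoft'       # publisher string to look for (assumption)
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($_.FullName)

            # Only files whose metadata claims the publisher are of interest.
            if ($info.CompanyName -notlike "*$Publisher*") { return }

            $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            $reason = switch ([string]$sig.Status) {
                # A signature blob is attached but was computed over different file contents.
                'HashMismatch' { 'signature present but does not match file contents'; break }
                # Metadata was cloned without a signature.
                'NotSigned'    { 'metadata claims publisher but file is unsigned'; break }
                # Signed and intact, but by someone other than the claimed publisher.
                'Valid'        { if ($signer -notlike "*$Publisher*") { 'valid signature from a different signer' }; break }
                default        { "signature status: $($sig.Status)" }
            }

            if ($reason) {
                [pscustomobject]@{
                    Path        = $_.FullName
                    CompanyName = $info.CompanyName
                    ProductName = $info.ProductName
                    Status      = $sig.Status
                    Signer      = $signer
                    Reason      = $reason
                }
            }
        }
}

# Usage (path is an assumption):
# Find-MetadataSignatureMismatch -Path 'C:\Users' | Format-Table -AutoSize
```

Results are leads to triage rather than verdicts, since legitimately unsigned or repackaged vendor files can also appear.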

Usage

SYNOPSIS
    Invoke-MetaTwin copies metadata and the Authenticode signature from one file and injects them into another.

SYNTAX
    Invoke-MetaTwin [-Source] <Object> [-Target] <Object> [-Sign] 

    Source     Source binary containing metadata and signature
    
    Target     Target binary that will be updated

    Sign       Optional setting that will add the source's digital signature   

Example

c:> powershell -ep bypass
PS> Import-Module c:\tools\metatwin.ps1
PS> cd c:\tools\metatwin\
PS> Invoke-MetaTwin -Source c:\windows\system32\netcfgx.dll -Target .\beacon.exe -Sign
