Demos of various injection techniques found in malware
Updated Feb 15, 2022 - C
A VBA implementation of the RunPE technique or how to bypass application whitelisting.
ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-side
Pure-Python implementation of the MemoryModule technique to load a DLL and unmanaged EXE entirely from memory
Cronos Crypter is a simple example of a crypter created for educational purposes.
Tool to evade Antivirus With Different Techniques
Simple protector to show how to run a payload without dropping it using RunPE Technique
Software Protector
ZwProcessHollowing is an x64 process hollowing project which uses direct system calls, DLL unhooking and RC4 payload decryption
Execute a PE in the address space of another PE, aka process hollowing
Nim process hollowing loader
RunPE dump - I wrote this to have better control over the analysis of malware. I can stop and analyze malware when it uses some of the APIs I hook and dump the memory while it is using RunPE/PH techniques.
Make "upx -d" unpacking impossible!
Lime Crypter Obfuscator Mod
An implementation of the Process Hollowing technique.