- Joined
- Jan 8, 2019
- Messages
- 56,623
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,455
- Points
- 2,313
- Credits
- 32,750
6 Years of Service
76%
Demo work of injection into someone else's address space process.
RunPE Builder V3 is a simple constructor that allows you to clearly demonstrate the ProcessHollowing(RunPE) injection type, without having to compile the project yourself, the builder also automates the process of packing the malware body into encrypted bytes, which is later placed in the stub that implements its operation in memory, also taking into account previous errors, the encryption algorithm was replaced with a more compact one, namely XOR, which does not require additional dependencies, based on my own motives, I also included some additional functions - this is a custom obfuscation engine that I always integrate into any of my projects, as well as several additional functions in the form of: Autostart, Self-removal of a file after injection and also support for randomized processes for injections both native and dotnet
Randomized inject: Supporting .NET and NATIVE files to inject.
Self-Removal (Melting): Removes itself from the disk after execution.
Autorun: Adds a file to startup.
Conditional Compilation: Allows the builder to include only the features and options chosen by the user, making the final build more streamlined.
Custom Renaming and Obfuscation: Includes customizable renaming of functions and string encryption to make the code less readable and harder to analyze.This project is for educational purposes only, intended for studying malware and security techniques. The author is not responsible for any malicious use of this software.