July 22, 2019

A demo that runs an XOR-encrypted PE within the memory of another PE (and therefore possibly bypasses antivirus software).

See https://github.com/erwan2212/XOR-freepascal about xoring / encrypting a file.

Code is currently set to use cmd.exe (x86/x64) as target host.

host32.exe/host64.exe are also provided in the zip if you wish to modify the code to use a "neutral" host.

Source code and binaries can be found here.
