Multiple ways to embed an executable as a PE resource, drop, and launch it in runtime.
Created for educational purposes. Use at your own risk!
- The filesystem.exe directory hosts a project for an EXE binary that drops tha payload to the filesystem and creates the process from it.
- The filesystem.dll directory hosts a project for a DLL binary that drops tha payload to the filesystem and creates the process from it.
- The inmemory.dll directory hosts a project for a DLL binary that drops a payload to a copy of its own process' memory.
- The inmemory.filesystem.dll directory hosts a project for a DLL binary that drops a payload to the disk and replace it in memory with another payload also extracted from itself.
- The bin.samples directory hosts sample binaries for testing purposes.
- The utils directory hosts helper functions.
This dropper has been used in my (our) participation in the MLSEC competition link here
The Adversarial Malware in Machine Learning Detectors: Our MLSEC 2020’s SECRETs blog post describing our 2020's participation is available here
The article Shallow Security: on the Creation of Adversarial Variants to Evade Machine Learning-Based Malware Detectors published in the Reversing and Offensive-oriented Trends Symposium 2019 (ROOTS) made use of this dropper. Check Here.
The article No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-based Adversarial Samples published in the Reversing and Offensive-oriented Trends Symposium 2020 (ROOTS) made use of this dropper. Check Here.