evilhiding
Shellcode loader, bypassav, antivirus bypass tool, a Python-based shellcode bypass loader
Tool Analysis
Remote control trigger to bypass sandbox protection
Obfuscation with junk instructions
Loader and shellcode are encrypted with Fernet
The trigger is obfuscated to interfere with signature matching
Automatically refresh the MD5 of the .ico image to prevent the icon signature from being detected
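From the detection side, Fernet tokens have a fixed, publicly documented layout, so file content or HTTP response bodies can be checked for them without the key. The following is an added example, not code from the evilhiding project; it assumes the encrypted data is stored as a standard base64url Fernet token, and `parse_fernet`, `scan`, `make_constructed_token` and the timestamp window are hypothetical choices made for illustration.

```python
import base64
import re
import struct

# Fernet token layout (public spec), before base64url encoding:
#   0x80 | 8-byte big-endian timestamp | 16-byte IV | AES-CBC ciphertext | 32-byte HMAC
VERSION = 0x80
FIXED_LEN = 1 + 8 + 16 + 32  # every field except the ciphertext
MIN_TS, MAX_TS = 1262304000, 4102444800  # 2010..2100 UTC, assumed sanity window
# Smallest token (one AES block) is 73 raw bytes = 98 base64url characters.
CANDIDATE = re.compile(rb"[A-Za-z0-9_-]{98,}={0,2}")


def parse_fernet(candidate: bytes):
    """Return (timestamp, ciphertext_len) if candidate has Fernet structure, else None."""
    data = candidate.rstrip(b"=")
    try:
        raw = base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))
    except ValueError:  # binascii.Error subclasses ValueError
        return None
    body_len = len(raw) - FIXED_LEN
    if body_len < 16 or body_len % 16 or raw[0] != VERSION:
        return None
    (ts,) = struct.unpack(">Q", raw[1:9])
    if not MIN_TS <= ts <= MAX_TS:
        return None
    return ts, body_len


def scan(blob: bytes):
    """Return one finding per Fernet-shaped token in blob (file content or HTTP body)."""
    findings = []
    for m in CANDIDATE.finditer(blob):
        parsed = parse_fernet(m.group())
        if parsed:
            findings.append({"offset": m.start(), "issued": parsed[0], "ciphertext_len": parsed[1]})
    return findings


def make_constructed_token(ts: int, ct_len: int) -> bytes:
    """Constructed sample input: Fernet-shaped bytes with zeroed IV/ciphertext/HMAC."""
    raw = bytes([VERSION]) + struct.pack(">Q", ts) + bytes(16) + bytes(ct_len) + bytes(32)
    return base64.urlsafe_b64encode(raw)


if __name__ == "__main__":
    sample = b"payload = b'" + make_constructed_token(1700000000, 48) + b"'\n"
    print(scan(sample))
```

A structural match only shows that Fernet-encrypted data is present; legitimate applications use Fernet too, so a hit is a triage signal to correlate with where the content came from and what process fetched it.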
Project Address
Open source on GitHub, please give me some stars hahaha (stars are the driving force for updates)
https://github.com/coleak2021/evilhiding.git
Usage
Install dependencies
pip install -r requirements.txt
Execute main.py
Fill in the shellcode in main.py
python main.py # Generates a.txt and b.py
Place a.txt on the VPS and fill in the URL of a.txt in b.py, then execute create.py
For example: url='http://192.168.52.129/a.txt'
python create.py
This generates HipsMain.exe under the dist directory
Only supports compiling on Windows systems!
Antivirus Bypass Test
Bypassing firewalld
Bypassing Defender
Dynamic Execution
Declaration
It is only for technical research and officially authorized testing activities. Any direct or indirect consequences and losses caused by the dissemination or use of this tool shall be borne by the user, and the author shall not assume any responsibility for it.
The tool doesn't require much technical expertise; it's just about building on the shoulders of predecessors.
If it can't bypass the antivirus, please raise an issue. Stars are the continuous driving force, hahaha.
