The goal of this project is to show a variety of custom malware droppers.
Useful websites:
- github.com/ivan-sincek/invoker
- github.com/gentilkiwi/mimikatz
- elastic.co
- learn.microsoft.com
- processhacker.sourceforge.io
- undocumented.ntinternals.net
- pinvoke.net
- C++ to C# Converter (free edition)
Made for educational purposes. I hope it will help!
The payload, Mimikatz v2.2.0 (64-bit), is encoded with gzip, XOR, and Base64, and is run by process hollowing into C:\Windows\System32\cmd.exe (64-bit).
Built with Visual Studio Community 2019 v16.11.10 (64-bit), written in C# (.NET Framework v3.5), and tested on Windows 10 Enterprise OS (64-bit).
Check the code in these files:
- /src/Dropper/Dropper/Payload.cs (payload | set your encoded PE string here)
- /src/Dropper/Dropper/XZip64.cs (decoder)
- /src/Dropper/Dropper/Program.cs (main | set your decoding key here)
- /src/Dropper/Dropper/Process.cs (process hollowing)
Usage: Encoder.exe <file> <key>