x86-64 Malware Crypter built in Rust for Windows with Anti-VM, powered by memexec

Overview

Rust Crypter

x86-64 Malware Crypter built in Rust for Windows with Anti-VM, powered by memexec

Usage

  1. Put your Portable Executable in /crypt/ and rename it to example.exe (or change the file name in the code to match your PE)
  2. In /crypt/, run cargo run (this outputs encrypted_bytes.bin and key.txt)
  3. Move encrypted_bytes.bin and key.txt to /stub/src/
  4. In /stub/, run cargo build --target x86_64-pc-windows-gnu --release (or omit --release to keep debug symbols)
  5. The compiled exe will be in /stub/target/debug/, named "stub.exe"

Supported targets

  • Windows x86-64
  • Windows x86

Limitations

  • .NET not supported
  • Files over 600MB not supported

TODO

  • File dialogue choose file instead of renaming code strings/executable names
  • Automatically move encrypted bytes and key into stub for compiling
  • GUI
  • Obfuscated Strings

Disclaimer

This is a tool used to test the dynamic detection capabilities of AV and EDR. Use of this project is at your own risk.
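The disclaimer frames the project as a way to exercise dynamic (runtime) detection. The static check a defender usually runs alongside that is an entropy scan: an encrypted payload embedded in a stub shows up as a contiguous region whose byte distribution is near-uniform, unlike the surrounding code and data. The script below is an added example for this page, not code from the Rust Crypter or memexec projects. It assumes only that the stub carries the encrypted blob as one contiguous embedded region (step 3 of the usage moves encrypted_bytes.bin into the stub's source tree, which suggests it is compiled in, but the exact layout is not stated); the window size, threshold and the sample input are constructed here.

```python
"""Flag high-entropy regions in a binary: a common static triage heuristic for
spotting encrypted or packed payloads embedded in an otherwise ordinary file.

Added example for this page; not code from the Rust Crypter or memexec
projects. Window size, threshold and sample data are assumptions made here.
"""
import hashlib
import math
from typing import List, Optional, Tuple

WINDOW = 4096       # bytes per scan window (assumed; 4 KiB matches a page)
THRESHOLD = 7.2     # bits per byte; plain code and data usually sit well below this


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def high_entropy_regions(data: bytes, window: int = WINDOW,
                         threshold: float = THRESHOLD) -> List[Tuple[int, int, float]]:
    """Scan data in fixed windows and merge adjacent windows above threshold.

    Returns (start, end, mean_entropy) tuples with end exclusive.
    """
    regions: List[Tuple[int, int, float]] = []
    current: Optional[list] = None  # [start, end, entropy_sum, window_count]
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if len(chunk) < window // 2:
            break  # a short tail has too few samples for a stable estimate
        e = shannon_entropy(chunk)
        if e >= threshold:
            if current is None:
                current = [off, off + len(chunk), e, 1]
            else:
                current[1] = off + len(chunk)
                current[2] += e
                current[3] += 1
        elif current is not None:
            regions.append((current[0], current[1], current[2] / current[3]))
            current = None
    if current is not None:
        regions.append((current[0], current[1], current[2] / current[3]))
    return regions


def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic pseudo-random bytes (SHA-256 chain) standing in for
    ciphertext. Constructed sample data, not output of the project's crypt step."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


def build_sample() -> bytes:
    """Constructed stand-in for a stub binary: 16 KiB of low-entropy text-like
    bytes, a 16 KiB ciphertext-like blob, then another 16 KiB of text."""
    text = (b"plain text and repetitive code-like bytes " * 400)[:16384]
    blob = pseudo_random_bytes(16384)
    return text + blob + text


if __name__ == "__main__":
    sample = build_sample()
    for start, end, ent in high_entropy_regions(sample):
        print(f"high-entropy region 0x{start:x}-0x{end:x} ({end - start} bytes), "
              f"mean entropy {ent:.2f} bits/byte")
```

A threshold around 7.2 bits per byte catches ciphertext and compressed data alike, and real binaries contain legitimately high-entropy sections (compressed resources, embedded certificates), so a hit is a triage signal to pair with the runtime behaviour the disclaimer talks about, not a verdict on its own.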

References

https://crates.io/crates/memexec
https://crates.io/crates/inside-vm

Comments
  • Error while building stub

    Compiling memexec v0.2.0
    error[E0425]: cannot find value IMAGE_REL_BASED in this scope
      --> /home/kali/.cargo/registry/src/github.com-1ecc6299db9ec823/memexec-0.2.0/src/peloader/mod.rs:38:36
       |
    38 |     if (item >> 12) == IMAGE_REL_BASED {
       |                        ^^^^^^^^^^^^^^^ not found in this scope

    error[E0412]: cannot find type IMAGE_THUNK_DATA in this scope
      --> /home/kali/.cargo/registry/src/github.com-1ecc6299db9ec823/memexec-0.2.0/src/peloader/mod.rs:80:79
       |
    80 |     base_addr.offset(import_desc.FirstThunk as isize) as *mut IMAGE_THUNK_DATA,
       |                                                               ^^^^^^^^^^^^^^^^ not found in this scope

    error[E0412]: cannot find type IMAGE_THUNK_DATA in this scope
      --> /home/kali/.cargo/registry/src/github.com-1ecc6299db9ec823/memexec-0.2.0/src/peloader/mod.rs:82:35
       |
    82 |     as *const IMAGE_THUNK_DATA,
       |               ^^^^^^^^^^^^^^^^ not found in this scope

    error[E0412]: cannot find type IMAGE_THUNK_DATA in this scope
      --> /home/kali/.cargo/registry/src/github.com-1ecc6299db9ec823/memexec-0.2.0/src/peloader/mod.rs:86:79
       |
    86 |     base_addr.offset(import_desc.FirstThunk as isize) as *mut IMAGE_THUNK_DATA,
       |                                                               ^^^^^^^^^^^^^^^^ not found in this scope

    error[E0412]: cannot find type IMAGE_THUNK_DATA in this scope
      --> /home/kali/.cargo/registry/src/github.com-1ecc6299db9ec823/memexec-0.2.0/src/peloader/mod.rs:87:81
       |
    87 |     base_addr.offset(import_desc.FirstThunk as isize) as *const IMAGE_THUNK_DATA,
       |                                                                 ^^^^^^^^^^^^^^^^ not found in this scope

    error[E0425]: cannot find value IMAGE_ORDINAL_FLAG in this scope
      --> /home/kali/.cargo/registry/src/github.com-1ecc6299db9ec823/memexec-0.2.0/src/peloader/mod.rs:97:33
       |
    97 |     if thunk_data & IMAGE_ORDINAL_FLAG != 0 {
       |                     ^^^^^^^^^^^^^^^^^^ not found in this scope

    error[E0412]: cannot find type IMAGE_THUNK_DATA in this scope
       --> /home/kali/.cargo/registry/src/github.com-1ecc6299db9ec823/memexec-0.2.0/src/peloader/mod.rs:119:45
        |
    119 |     *iat_ptr = proc_addr as IMAGE_THUNK_DATA;
        |                             ^^^^^^^^^^^^^^^^ not found in this scope

    error[E0412]: cannot find type IMAGE_THUNK_DATA in this scope
       --> /home/kali/.cargo/registry/src/github.com-1ecc6299db9ec823/memexec-0.2.0/src/peloader/mod.rs:153:45
        |
    153 |     *iat_ptr = proc_addr as IMAGE_THUNK_DATA;
        |                             ^^^^^^^^^^^^^^^^ not found in this scope

    error[E0412]: cannot find type IMAGE_TLS_DIRECTORY in this scope
       --> /home/kali/.cargo/registry/src/github.com-1ecc6299db9ec823/memexec-0.2.0/src/peloader/mod.rs:169:60
        |
    169 |     let tls = &*mem::transmute::<*const c_void, *const IMAGE_TLS_DIRECTORY>(
        |                                                        ^^^^^^^^^^^^^^^^^^^
        |
       ::: /home/kali/.cargo/registry/src/github.com-1ecc6299db9ec823/memexec-0.2.0/src/peparser/def.rs:84:9
        |
    84  |         pub struct $name {
        |         ---------------- similarly named struct IMAGE_TLS_DIRECTORY32 defined here
        |
    help: a struct with a similar name exists
        |
    169 |     let tls = &*mem::transmute::<*const c_void, *const IMAGE_TLS_DIRECTORY32>(
        |                                                        ~~~~~~~~~~~~~~~~~~~~~
    help: you might be missing a type parameter
        |
    166 | unsafe fn call_tls_callback<IMAGE_TLS_DIRECTORY>(pe: &PE, base_addr: *const c_void) -> Result<()> {
        |                            +++++++++++++++++++++

    Some errors have detailed explanations: E0412, E0425.
    For more information about an error, try rustc --explain E0412.
    error: could not compile memexec due to 9 previous errors

    opened by nzyuko 4
Owner
Daniel Ballard
Cyber Security Engineer | Malware and Red Team Developer