dobin / avred
Analyse your malware to surgically obfuscate it
Home Page: https://avred.r00ted.ch
License: GNU General Public License v3.0
When scanning an un-obfuscated "Rubeus.exe", ESET scans forever, or avred continues to be stuck in a loop, and no log files are generated. Rubeus is just used as an example; it does this with every binary I've tested (Seatbelt, SharpHound, etc.).
Do we need to configure something specifically for ESET?
Should be able to tunnel via SOCKS5 on server.
This issue can be replicated by creating a simple Nim program, e.g.
echo "Hello World"
and compiling it on Linux with:
nim c --app=console -d:exe -d:mingw --cpu=amd64 -d:debug -d:strip -d:exe --out=helloworld.exe helloworld.nim
Scanning it with avred results in the following output:
python3 ./avred.py --file helloworld.exe
[INFO ][2023-09-11 14:33:58,601] main() :: Using file: helloworld.exe
[INFO ][2023-09-11 14:33:58,601] handleFile() :: Handle file: helloworld.exe
[INFO ][2023-09-11 14:33:58,605] handleFile() :: Using parser for file type EXE
[INFO ][2023-09-11 14:33:58,647] parseFile() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO ][2023-09-11 14:33:58,647] handleFile() :: Using scanner from command line: amsi
[INFO ][2023-09-11 14:33:58,649] load() :: Loading HashCache
[INFO ][2023-09-11 14:33:58,650] load() :: 0 hashes loaded
Traceback (most recent call last):
File "/home/*****/Downloads/avred/./avred.py", line 354, in <module>
main()
File "/home/*****/Downloads/avred/./avred.py", line 76, in main
handleFile(args.file, args, args.server)
File "/home/*****/Downloads/avred/./avred.py", line 178, in handleFile
outcome.scanInfo = ScanInfo(scanner.scanner_name, analyzerOptions['scanSpeed'])
~~~~~~~~~~~~~~~^^^^^^^^^^^^^
KeyError: 'scanSpeed'
Any other file types work as expected.
Currently there are two or three Windows APIs used:
At least merge inject/ and syscalls/. Preferably replace with direct syscalls in pure Go, if possible.