runpe

Demos of various injection techniques found in malware

A VBA implementation of the RunPE technique or how to bypass application whitelisting.

Run a Exe File (PE Module) in memory (like an Application Loader)

ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-side

pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory

Hide malware behind a legit process C#

Cronos Crypter is an simple example of crypter created for educational purposes.

Scantime & Runtime fud crypter written using C# to execute you application in-memory and prevent it from being scanned by Anti-viruses

Process Hollowing in C++ (x86 / x64) - Process PE image replacement

execute a PE in the address space of another PE aka process hollowing

Simple protector to show how to run a payload without dropping it using RunPE Technique

Mystery Legacy Repo is for advanced penetration tools

Golang version of https://github.com/hasherezade/libpeconv

RunPE using Hell's Gate technique.

Software Protector

ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption

Lime Crypter Obfuscator Mod

Loader and RunPE file executer

An implementation of the Process Hollowing technique.

RunPE dump - I wrote this to have better control over the analysis of malwares. I can stop and analysis malware when it uses some of the API's i hook and to dump the memory while it is using RunPE/PH techniques.