Project author: X-AV
Project address: https://github.com/XTeam-Wing/X-AV
I. Tool Introduction
X-series security tool: AV evasion framework (BypassAV). Loading methods: Syscall, Uuid, CreateFiber, CreateProcessWithPipe, EtwpCreateEtwThread, etc. Encryption methods: XOR, RC4, AES256.

II. Installation and Usage
1. XOR encryption
Each encryption method supports the five loading methods listed above.
./X-AV -shellcodepath cdn.bin -o xor.exe -key wing -encrypt xor -loadermethod uuid
2. AES encryption
AES requires a salt.
./X-AV -shellcodepath cdn.bin -o aes.exe -key wing -encrypt aes -loadermethod uuid -salt wing
3. RC4
./X-AV -shellcodepath cdn.bin -o rc4.exe -key wing -encrypt rc4 -loadermethod uuid
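III. Download Location:
Download from the project address: https://github.com/XTeam-Wing/X-AV
IV. Disclaimer:
For security research and learning purposes only. If the tool is used for any other purpose, the user bears all legal and joint liability; the author bears no legal or joint liability.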