FUD shellcode Injector

Overview

EVA

fully undetectable injector

Update on Monday, July 12 : USE EVA2 INSTEAD .


[+] antiscan.me

antiscanme


YOUR MOM IS A -BITCH- IF YOU UPLOADED THIS TO ANY WEBSITE OTHER THAN antiscan.me

READ THE UPDATE


REQUIREMENTS:

  • visual studio 2019 [ it may work with visual studio 2017 ]
  • cobalt strike [ take a look at my repo cobalt-wipe ]
  • python2 for the encoder

USAGE:

  • create your shellcode (x64 x86 wont work) using cobalt-strike [check my cobalt-wipe repo]
  • place your shellcode inside encoder.py and run it using python2
  • after encoder.py output your encrypted shellcode copy and paste it inside EVA.cpp
  • build the code using visual studio 2019 - Release - x64 x86 wont work
  • enjoy

How Does EVA Work:

  • first EVA will take a look at the running processes to allocate the pid of chrome.exe and inject the shellcode to it.
  • if chrome.exe is not open, EVA will inject the code to explorer.exe instead

DEMO:

[+] You can do your self a favour and disable Automatic Sample Submission in windows defender:

Screenshot 2021-06-25 123639


1- explorer - injection:

explorer.-.injection.mp4

2- chrome - injection:

chrome.-.injection.mp4

special thanks for:

  • hasherezade - for helping me in building EVA inside visual studio
  • and for the person who posted the decoding way in memory, i forgot where i got it from : | if you are seeing this please reply !

please feel free to post any issue or any suggestions

i will be adding more information about how does it work nah i wont, however if you want to know more about the code email me :>


MIT LICENSE

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


My Empty Ethereum Wallet : 0x1B4944030818392D76672f583884F4A125A4415e

120064592-a5c83480-c075-11eb-89c1-78732ecaf8d3

You might also like...
raincoat is a shellcode injector that uses direct syscall invoking.

raincoat is a shellcode injector that uses direct syscall invoking. by liz @realhaxorleet & ellyysium @ellyysium opening the code may cause brain dama

EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode

HOLLOW - Cobalt Strike BOF Authors: Bobby Cooke (@0xBoku) Justin Hamilton (@JTHam0) Octavio Paguaga (@OakTree__) Matt Kingstone (@n00bRage) Beacon Obj

A USB-PD sniffer/injector/sink based on Google's Twinkie, re-designed to be manufactured by mere mortals.
A USB-PD sniffer/injector/sink based on Google's Twinkie, re-designed to be manufactured by mere mortals.

Twonkie - a USB-PD sniffer based on Google's Twinkie Twonkie is a USB-PD sniffer/injector/sink based on a Google project called Twinkie, re-engineered

A USB-PD sniffer/injector/sink based on Google's Twinkie, re-designed to be manufactured by mere mortals.
A USB-PD sniffer/injector/sink based on Google's Twinkie, re-designed to be manufactured by mere mortals.

Twonkie - a USB-PD sniffer based on Google's Twinkie Twonkie is a USB-PD sniffer/injector/sink based on a Google project called Twinkie, re-engineered

PoC MSVC COFF Object file loader/injector.

COFFInjector A Proof of Concept code - loading and injecting MSVC object file. Blog post with explanation: https://0xpat.github.io/Malware_development

C/C++ Windows Process Injector for Educational Purposes.

ProcessInjector C/C++ Windows Process Injector for Educational Purposes. What does this software do? This is a simple process injector that uses the C

A loadlibrary injector for the game Splitgate that fully bypasses their EQU8 anti-cheat implementation.

splitgate-load-library-injector A loadlibrary injector for the game Splitgate that fully bypasses their EQU8 anti-cheat implementation. Information Th

GlueGD is a mod loader for Geometry Dash that does not require a modification to any existing Geometry Dash files or an external injector or launcher.

GlueGD is a mod loader for Geometry Dash that does not require a modification to any existing Geometry Dash files or an external injector or la

simple C++ dll injector
simple C++ dll injector

Dll-Injector DLL injection is a method of executing arbitrary code in the address space of a separate live process. TECHNICAL DETAILS Open process wit

A LoadLibrary injector for CS:GO that automatically bypasses Trusted Mode by disabling various Win32 function hooks.

TrustedInjector This is a LoadLibrary injector for Counter-Strike: Global Offensive. Information It automatically bypasses trusted mode by removing ho

Edited and relatively up-to-date xenos injector

Xenos Windows dll injector. Based on Blackbone library - https://github.com/DarthTon/Blackbone Changes from the original repository Up-to-date blackbo

An injector is simply a program that injects some sort of file into your game

example-injector What it injector? An injector is simply a program that injects some sort of file into your game. This could be something as benign as

Private internal Cheat-Injector for Valorant

CyberVal-Injector CyberVal is a paste of a internal Valorant Cheat which has been used by several providers like LeagueHell, Enduty and several other

A generic post-processing injector for games and video software.

ReShade This is a generic post-processing injector for games and video software. It exposes an automated way to access both frame color and depth info

FiveM Cheat with KEKHACK. Injected with simple injector in c++.
FiveM Cheat with KEKHACK. Injected with simple injector in c++.

FiveM Cheat with TriggersEvent [KEKHACK] This is the ultimate great source code for building the best cheat FiveM. I'm not going to tell you how to cr

Best EAC/VAC Injector
Best EAC/VAC Injector

DevRcs Dll Injector Implemented Injection Methods We break the injection procedure into serveral "parts", and each part has a few selection of methods

With xshellex you can paste any kind of c-shellcode strings in x64dbg, ollydbg & immunity debugger
With xshellex you can paste any kind of c-shellcode strings in x64dbg, ollydbg & immunity debugger

With xshellex you can paste any kind of c-shellcode strings in x64dbg, ollydbg & immunity debugger. Also you can convert the "binary-copied-clipboard" to c-shellcode string.

Remote Download and Memory Execute for shellcode framework
Remote Download and Memory Execute for shellcode framework

RmExecute Remote Download and Memory Execute for shellcode framework 远程下载并内存加载的ShellCode框架,暂不支持X64 参(抄)考(袭)项目 windows下shellcode提取模板的实现 主要抄袭来源,直接使用这位大佬

POCs for Shellcode Injection via Callbacks

Callback_Shellcode_Injection POCs for Shellcode Injection via Callbacks. Working APIs 1, EnumTimeFormatsA Works 2, EnumWindows Works 3, EnumD

Releases(1)
  • 1(Jun 25, 2021)

    • uses xor encryption / decryption for the shellcode
    • inject chrome.exe process [if found] with the decrypted shellcode
    • inject explorer.exe process [in case chrome.exe isn't found]
    • uses VirtualAllocEx - WriteProcessMemory - CreateRemoteThread --> to inject the shellcode
    • uses CreateToolhelp32Snapshot --> to find the processes
    • work on x64
    Source code(tar.gz)
    Source code(zip)
Owner
YOUR EXPLOITS ARE LIMITED ONLY BY YOUR IMAGINATION
null
shellcode injector

What is Process Injection? It is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of

anas 76 Sep 15, 2022
White-Stuff - a simple xor encoder/decoder for your shellcode

White-Stuff - a simple xor encoder/decoder for your shellcode

null 15 Aug 15, 2022
sc4cpp is a shellcode framework based on C++

sc4cpp is a shellcode framework based on C++

null 60 Aug 23, 2022
This is a brand-new technique for shellcode injection to evade AVs and EDRs

This is a brand-new technique for shellcode injection to evade AVs and EDRs. This technique is inspired by Module Stomping and has some similarities. As to this date (23-01-2022) also hollows-hunter doesn't find it.

Idov 571 Sep 8, 2022
Custom shellcode runner builder w/ CobaltStrike integration

Custom_Builder Custom shellcode runner builder w/ CobaltStrike integration. Compile builder.c using gcc: gcc -o Builder Builder.c Edit the .cna scrip

null 3 Feb 1, 2022
A method from GH on how to stream a dll without touching disk, TAGS: fortnite cheat fortnite injector dll injector

dll-encryptor People who make pay hacks typically have down syndrome and are incapable of using their brains in any fashion, and yet these bath salt s

Micca 2 Nov 24, 2021
Advanced C++ Discord Token Grabber ( FUD )

DTGPlusPlus C++ Discord Token Grabber ( FUD ) ?? Features » High Speed High Execution Rate Using Win32 API Low Size Without Dependence ( Support Win X

null 6 Nov 9, 2021
Manual map shellcode (aka byte array) injector

ShellJector This little tool can download DLL from the internet and inject it as shellcode (aka byte array) into process with manual map injection. Th

Александр Вольф 19 Aug 31, 2022
Encrypted shellcode injector with basic virtual machine evasion using C++

C++ PE Injector Overview Fully undetectable shellcode injector written in C++ with customizable XOR payload encryption/decryption and basic antivirus

Kampourakis Emmanouil 5 Apr 5, 2022
shellcode injector

What is Process Injection? It is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of

anas 76 Sep 15, 2022