A recreation of the "Nobelium" malware based on Microsoft's malware analysis - Part 1: PDF2Pwn

Overview

Nobelium PdfDownloadRunAesMalware

1. Download the PDF file from the internet using the WinInet library
- Supports HTTPS
- Supports Dropbox API download (as in the original) by adding the Bearer token to the request headers
- Supports domain fronting: the malicious PDF is hosted on a CDN, the request is sent to a shared site, and the Host header is set to the target site
2. Strip the 10-byte PDF header from the AES-encrypted "PDF"
3. Strip the 7-byte PDF footer from the AES-encrypted "PDF"
4. AES-decrypt the payload using the static AES key and IV (Tiny AES code)
5. Run the payload within the process's memory space using the syscalls provided by the SysWhispers2 project
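The wrapper format in steps 2 to 4 gives a defender something concrete to look for: a file that carries PDF magic at both ends but has no PDF object structure and a body whose entropy is close to 8 bits per byte, as AES ciphertext is. The triage check below is an added example, not code from this project or from Microsoft's analysis; it assumes the 10-byte header and 7-byte footer are plain PDF markers such as "%PDF-1.7\r\n" and "%%EOF\r\n", and both samples are constructed.

```python
import math
import random

# Assumed wrapper sizes from the project description: a 10-byte PDF header
# (e.g. "%PDF-1.7\r\n") and a 7-byte footer (e.g. "%%EOF\r\n") around the AES body.
PDF_HEADER_LEN = 10
PDF_FOOTER_LEN = 7


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ciphertext sits near 8.0, PDF text far below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def has_pdf_structure(data: bytes) -> bool:
    """A genuine PDF carries objects and a cross-reference table; a bare wrapper does not."""
    return b" obj" in data and b"endobj" in data and (b"xref" in data or b"/Type" in data)


def triage_pdf(data: bytes, entropy_threshold: float = 7.5) -> dict:
    """Flag a file that wears PDF magic but is really a high-entropy blob."""
    has_header = data.startswith(b"%PDF-")
    has_footer = data.rstrip(b"\r\n ").endswith(b"%%EOF")
    body = data[PDF_HEADER_LEN:-PDF_FOOTER_LEN]  # empty slice for files shorter than the wrapper
    entropy = shannon_entropy(body)
    result = {
        "pdf_magic": has_header and has_footer,
        "pdf_structure": has_pdf_structure(data),
        "body_entropy": round(entropy, 3),
        "aes_block_aligned": len(body) % 16 == 0,  # weak hint of unpadded AES, not proof
    }
    result["suspicious"] = result["pdf_magic"] and not result["pdf_structure"] and entropy >= entropy_threshold
    return result


# Constructed samples (not real malware): a minimal benign PDF and a wrapper around random bytes.
BENIGN_PDF = (b"%PDF-1.4\r\n1 0 obj\r\n<< /Type /Catalog /Pages 2 0 R >>\r\nendobj\r\n"
              b"2 0 obj\r\n<< /Type /Pages /Kids [] /Count 0 >>\r\nendobj\r\n"
              b"xref\r\n0 3\r\ntrailer\r\n<< /Root 1 0 R /Size 3 >>\r\nstartxref\r\n9\r\n%%EOF\r\n")
_rng = random.Random(1234)  # deterministic stand-in for ciphertext, so results are repeatable
FAKE_PDF = b"%PDF-1.7\r\n" + bytes(_rng.getrandbits(8) for _ in range(4096)) + b"%%EOF\r\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_PDF), ("wrapped", FAKE_PDF)):
        print(name, triage_pdf(sample))
```

Real-world use would run `triage_pdf` over files written by a browser or mail client and raise an alert on the `suspicious` verdict, with `body_entropy` and `aes_block_aligned` kept as supporting fields for the analyst.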

Microsoft's Malware Analysis

CREDIT

Owner
boku