An experimental dynamic malware unpacker based on Intel Pin and PE-sieve

Overview

Pin'n'Sieve

A dynamic malware unpacker based on Intel Pin and PE-sieve: it runs a PE-sieve scan on specific triggers. Caution: during the process the malware will be deployed. Use it on a VM only.

WARNING: this is an experimental version

How to build?

To compile the prepared project you need Visual Studio 2012 or later. It was tested with Intel Pin 3.19.

  1. Clone this repo into \source\tools inside your Pin root directory.
  2. Open the project in Visual Studio.
  3. Modify the file my_paths.h and set _WINDOWS_H_PATH_ to the path of windows.h appropriate to your environment.
  4. The other installation steps are analogous to the ones explained in this Wiki.
Releases: 0.2.1
Owner: hasherezade