An experimental dynamic malware unpacker based on Intel Pin and PE-sieve

Last update: Dec 16, 2022

Related tags

Overview

Pin'n'Sieve

A dynamic malware unpacker based on Intel Pin and PE-sieve (deploys PE-sieve scan on specific triggers). Caution: during the process the malware will be deployed. Use it on a VM only.

WARNING: this is an experimental version

How to build?

To compile the prepared project you need to use Visual Studio >= 2012. It was tested with Intel Pin 3.19.

Clone this repo into \source\tools that is inside your Pin root directory.
Open the project in Visual Studio.
Modify the file my_paths.h, and set the path to windows.h into _WINDOWS_H_PATH_, appropriate to your environment.
The other installation steps are analogous to the ones explained in this Wiki.

You might also like...

A Windows user-mode shellcode execution tool that demonstrates various techniques that malware uses

Jektor Toolkit v1.0 This utility focuses on shellcode injection techniques to demonstrate methods that malware may use to execute shellcode on a victi

95 Sep 5, 2022

Multipurpose malware framework utilizing vk.com as c2

Chimera Loader Multi-purpose malware / updater framework About The Project Chimera loader previously Strator currently serving as a vk.com loader has

13 Jan 1, 2023

🔬Collection of malware, ransomware, RATs, botnets, stealers, etc.

🔬 Malware collection (جمع البرامج الضارة) What is it? In this repository you can find a huge collection of malicious software that was found on githu

455 Oct 30, 2022

that's simple malware open your cd tray infinity written in c++

Tray Malware that's simple malware open your cd tray infinity written in c++ Which OS Work In Tray Malware Linux Setup Tray Malware sudo apt install m

1 Dec 25, 2021

This is no malware, This is no virus. This is my implementation of the effect from Mrs.Major3.

BloodMelter This is no malware, This is no virus. This is a very small effect of very small blood for a some PC. Table Of Contents Preview About Warni

4 Dec 21, 2022

This is a prank windows malware, is only for fun, it's just for fun, it's not harmful

8 Apr 15, 2022

A video input (V4L2) to NDI converter that works with Raspberry Pi (32-bit and 64-bit), and Intel/AMD CPUs

V4L2 to NDI V4L2 to NDI is an application that connects to attached V4L2 devices and encodes the video signal into NDI It uses the NDI library, allowi

52 Dec 30, 2022

Kexts enabling native support for Intel Bluetooth chipsets in macOS.

IntelBluetoothFamily Kexts enabling native support for Intel Bluetooth chipsets in macOS. Most of the code is complete, and I am now in the testing ph

136 Dec 19, 2022

Mobile platform for analysis of localization methods using the Intel RealSense T265 sensor

OptiBot Mobile platform for analysis of localization methods using the Intel RealSense T265 sensor About | Content | Implementation | License | Author

2 Feb 17, 2022

Releases(0.2.1)

0.2.1(Jan 27, 2022)

📖 README.md

WARNING: experimental version

Updated PE-sieve to v0.3.3

Requires Intel Pin 3.19 or above. I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to compile them from the sources. Follow the steps described in the README.
Source code(tar.gz)
Source code(zip)
0.2(Jul 25, 2021)

📖 README.md

WARNING: experimental version

Requires Intel Pin 3.19 or above. I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to compile them from the sources. Follow the steps described in the README.
Source code(tar.gz)
Source code(zip)
0.1(Jul 17, 2021)

📖 README.md

WARNING: experimental version

Requires Intel Pin 3.19 or above. I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to compile them from the sources. Follow the steps described in the README.
Source code(tar.gz)
Source code(zip)

Owner

hasherezade

GitHub

The Intel 8080 ("eighty-eighty") is the second 8-bit microprocessor designed and manufactured by Intel.

i8080(Intel 8080) The Intel 8080 ("eighty-eighty") is the second 8-bit microprocessor designed and manufactured by Intel. It first appeared in April 1

13 Oct 29, 2022

Based off of [tarekwiz / League-Unpacker]

val-exception-handler Attempted conversion of [tarekwiz / League-Unpacker (https://github.com/tarekwiz/League-Unpacker/blob/master/Unpackman/Main.cpp)

15 Oct 9, 2022

Seam is a pin-based node editor for OpenFrameworks that makes prototyping visual systems easier and faster.

seam Seam is a pin-based node editor for openFrameworks built using: openFrameworks Dear ImGui the node editor extension for ImGui It is heavily WIP,

2 Jan 2, 2022

PKG/PFS unpacker for PS4

63 Sep 20, 2022

OSC Calibrator and High Voltage Fuse Resetter for 8-Pin ATtinys

TinyCalibrator - OSC Calibrator and High-Voltage Fuse Resetter Because the 8-pin ATtinys only have a few GPIO pins available, they are usually operate

41 Dec 30, 2022

CaribouLite turns any 40-pin Raspberry-Pi into a Tx/Rx 6GHz SDR

CaribouLite CaribouLite is an affordable, educational, open-source SDR platform that is also a HAT for the Raspberry-Pi family of boards (40-pin versi

858 Dec 15, 2022

Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel.

Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. Also, launchers are totally anti-copy and naturally broken when got submitted.

413 Dec 10, 2022

Research tool able to detect and mitigate evasion techniques used by malware in-the-wild

JuanLesPIN IntelPin tool to detect and mitigate Windows malware evasion techniques. This tool is a prototype developed for a research project whose pa

8 Dec 30, 2022

Orca - Advanced Malware with multifeatures written in ASM/C/C++ , work on all windows versions ! (some features still under developing and not stable)

About Orca Orca is an Advanced Malware with multifeatures written in ASM/C/C++ features Run in Background (Hidden Mode) Records keystrokes and saves t

182 Dec 26, 2022

Hydrogen is a tiny GDI Malware, with some bytebeat music, many payloads and some shaders

28 Nov 12, 2022