You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -13,8 +13,8 @@ Versions (so far, I will gradually add more):
- v2: same as v1, but a bit less waiting between cycles and DO NOT terminating unless child process exists. Leading effectively to large number of processes - https://www.virustotal.com/gui/file/4924802fc291094c36e123f0d072c0207157a60ac85bd3275766d00691958ced
- v3: same as v2, but each downloaded copy is binary different (last 4 bytes change randomly each time), leading to unique file hashes. I am providing the source code, but the 'live' service replaces first 8 bytes of each file with `FAKEFAKE`
- v4: exe is compiled dynamically (TCC), with unique strings (for unique file hashes) and different parts of code, such as imports, included/excluded randomly to manipulate imphash etc.
- v5: coming soon.
- v5: still TCC, WinINet+BCrypt, redesigned queries. Described in Phrack - https://phrack.org/issues/71/3.html
- v6: coming soon.
Links to VT will be added with some delay to limit interference between automated and human-driven actions.
