{"id":19299016,"url":"https://github.com/guitmz/midrashim","last_synced_at":"2025-04-22T09:32:49.649Z","repository":{"id":85377605,"uuid":"310380513","full_name":"guitmz/midrashim","owner":"guitmz","description":"PT_NOTE to PT_LOAD x64 ELF infector written in Assembly","archived":false,"fork":false,"pushed_at":"2021-10-16T17:00:51.000Z","size":37,"stargazers_count":43,"open_issues_count":0,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-01T22:09:50.019Z","etag":null,"topics":["asm","assembly","elf","infector","linux","malware","virus"],"latest_commit_sha":null,"homepage":"https://www.guitmz.com/linux-midrashim-elf-virus/","language":"Assembly","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/guitmz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-11-05T18:08:30.000Z","updated_at":"2025-03-24T22:05:54.000Z","dependencies_parsed_at":null,"dependency_job_id":"b8df9cf9-45db-487b-9567-988c964ee583","html_url":"https://github.com/guitmz/midrashim","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/guitmz%2Fmidrashim","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/guitmz%2Fmidrashim/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/guitmz%2Fmidrashim/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/guitmz%2Fmidrashim/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/guitmz","download_url":"https://codeload.github.com/guitmz/midrashim/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250215366,"owners_count":21393787,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asm","assembly","elf","infector","linux","malware","virus"],"created_at":"2024-11-09T23:09:50.123Z","updated_at":"2025-04-22T09:32:49.395Z","avatar_url":"https://github.com/guitmz.png","language":"Assembly","funding_links":[],"categories":["Malware Analysis"],"sub_categories":["Web Malwares"],"readme":"# Linux.Midrashim\nThis is my first x64 ELF infector written in full Assembly. It contains a non destructive payload and will infect other ELF ([PIE](https://en.wikipedia.org/wiki/Position-independent_code) is also supported) on current directory only and not recursively. It uses `PT_NOTE to PT_LOAD` infection technique.\n\n\n# Build\nAssemble it with [FASM](https://flatassembler.net) x64.\n```\n$ fasm Linux.Midrashim.asm\nflat assembler  version 1.73.25  (16384 kilobytes memory, x64)\n3 passes, 2631 bytes.\n\n$ file Linux.Midrashim\nELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, stripped\n\n$ sha256sum Linux.Midrashim\n8f1a835ad6f5c58b397109e28409ec0556d6d374085361c6525f73d5ca5785eb  Linux.Midrashim\n```\n\n# Demo\n[![asciicast](https://asciinema.org/a/383841.svg)](https://asciinema.org/a/383841)\n\n# References:\n- https://www.symbolcrash.com/2019/03/27/pt_note-to-pt_load-injection-in-elf\n- https://www.wikidata.org/wiki/Q6041496\n- https://legacyofkain.fandom.com/wiki/Ozar_Midrashim\n- https://en.wikipedia.org/wiki/Don%27t_Be_Afraid_(album)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fguitmz%2Fmidrashim","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fguitmz%2Fmidrashim","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fguitmz%2Fmidrashim/lists"}