{"id":15374444,"url":"https://github.com/ivan-sincek/malware-droppers","last_synced_at":"2025-04-15T15:11:52.163Z","repository":{"id":65483889,"uuid":"590194590","full_name":"ivan-sincek/malware-droppers","owner":"ivan-sincek","description":"Custom malware droppers written in multiple languages.","archived":false,"fork":false,"pushed_at":"2023-02-04T11:20:47.000Z","size":12,"stargazers_count":6,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-15T15:11:50.223Z","etag":null,"topics":["c-sharp","decoder","defensive-security","encoder","ethical-hacking","malware","mimikatz","offensive-security","penetration-testing","process-hollowing","red-team-engagement","reverse-engineering","security","visual-studio","windows","windows-penetration-testing"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ivan-sincek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2023-01-17T21:19:47.000Z","updated_at":"2025-03-14T08:44:51.000Z","dependencies_parsed_at":"2023-02-14T06:45:38.856Z","dependency_job_id":null,"html_url":"https://github.com/ivan-sincek/malware-droppers","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fmalware-droppers","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fmalware-droppers/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fmalware-droppers/releases","manifests_url":"https://repos.ecosyste
.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fmalware-droppers/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ivan-sincek","download_url":"https://codeload.github.com/ivan-sincek/malware-droppers/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249094932,"owners_count":21211837,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c-sharp","decoder","defensive-security","encoder","ethical-hacking","malware","mimikatz","offensive-security","penetration-testing","process-hollowing","red-team-engagement","reverse-engineering","security","visual-studio","windows","windows-penetration-testing"],"created_at":"2024-10-01T13:58:48.289Z","updated_at":"2025-04-15T15:11:52.147Z","avatar_url":"https://github.com/ivan-sincek.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Malware Droppers\n\nThe goal of this project is to show a variety of custom malware droppers.\n\nUseful websites:\n\n* [github.com/ivan-sincek/invoker](https://github.com/ivan-sincek/invoker/blob/master/src/Invoker/Invoker/lib/invoker/invoker.cpp)\n* [github.com/gentilkiwi/mimikatz](https://github.com/gentilkiwi/mimikatz)\n* [elastic.co](https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process)\n* [learn.microsoft.com](https://learn.microsoft.com/en-us/windows/win32/debug/pe-format)\n* [processhacker.sourceforge.io](https://processhacker.sourceforge.io/doc/index.html)\n* 
[undocumented.ntinternals.net](http://undocumented.ntinternals.net/index.html)\n* [pinvoke.net](https://www.pinvoke.net)\n* [C++ to C# Converter](https://www.tangiblesoftwaresolutions.com/product_details/cplusplus_to_csharp_converter_details.html) (free edition)\n\nMade for educational purposes. I hope it will help!\n\n## Table of Contents\n\n* [1. C# Process Hollowing](#1-c-process-hollowing)\n\t* [1.1 Encoder](#11-encoder)\n\n## 1. C# Process Hollowing\n\nUsing gzip, XOR, and Base64 to encode [Mimikatz v2.2.0](https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20220919) (64-bit); using process hollowing into C:\\\\Windows\\\\System32\\\\cmd.exe (64-bit) to run it.\n\nBuilt with Visual Studio Community 2019 v16.11.10 (64-bit), written in C# (.NET Framework v3.5), and tested on Windows 10 Enterprise OS (64-bit).\n\nCheck the code in these files:\n\n* [/src/Dropper/Dropper/Payload.cs](https://github.com/ivan-sincek/malicious-dropper/blob/master/src/Dropper/Dropper/Payload.cs) (payload | set your encoded PE string here)\n* [/src/Dropper/Dropper/XZip64.cs](https://github.com/ivan-sincek/malicious-dropper/blob/master/src/Dropper/Dropper/XZip64.cs) (decoder)\n* [/src/Dropper/Dropper/Program.cs](https://github.com/ivan-sincek/malicious-dropper/blob/master/src/Dropper/Dropper/Program.cs) (main | set your decoding key here)\n* [/src/Dropper/Dropper/Process.cs](https://github.com/ivan-sincek/malicious-dropper/blob/master/src/Dropper/Dropper/Process.cs) (process hollowing)\n\n### 1.1 Encoder\n\n```fundamental\nUsage: Encoder.exe \u003cfile\u003e \u003ckey\u003e\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivan-sincek%2Fmalware-droppers","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fivan-sincek%2Fmalware-droppers","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivan-sincek%2Fmalware-droppers/lists"}