{"id":25726904,"url":"https://github.com/neyrian/notsoharmfuldll","last_synced_at":"2026-06-13T03:01:39.876Z","repository":{"id":277367379,"uuid":"932208646","full_name":"Neyrian/NotSoHarmfulDLL","owner":"Neyrian","description":"A Windows DLL module that simulates malware-like behavior for educational and research purposes. This DLL mimics Pikabot's anti-analysis techniques","archived":false,"fork":false,"pushed_at":"2025-02-14T13:50:04.000Z","size":11,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-11-20T03:05:32.928Z","etag":null,"topics":["cybersecurity","dll-injection","pikabot","red-team","rundll32","windows-security"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Neyrian.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-13T14:48:51.000Z","updated_at":"2025-02-14T13:47:49.000Z","dependencies_parsed_at":null,"dependency_job_id":"bcaca48a-70d9-4f9a-83d6-73c3cb678fe7","html_url":"https://github.com/Neyrian/NotSoHarmfulDLL","commit_stats":null,"previous_names":["neyrian/notsoharmfuldll"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/Neyrian/NotSoHarmfulDLL","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neyrian%2FNotSoHarmfulDLL","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neyrian%2FNotSoHarmfulDLL/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neyrian%2FNotSoHarmfulDLL/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neyrian%2FNotSoHarmfulDLL/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Neyrian","download_url":"https://codeload.github.com/Neyrian/NotSoHarmfulDLL/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neyrian%2FNotSoHarmfulDLL/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34270417,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-13T02:00:06.617Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","dll-injection","pikabot","red-team","rundll32","windows-security"],"created_at":"2025-02-25T23:27:46.495Z","updated_at":"2026-06-13T03:01:39.838Z","avatar_url":"https://github.com/Neyrian.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NotSoHarmfulDLL\n\n## šŸ“Œ Overview\n\n`NotSoHarmfulDLL` is a **Windows DLL** that simulates **malware-like behavior** for **cybersecurity research and training**. This module is inspired by the **Pikabot malware campaign** and replicates some of its **anti-analysis techniques**, including:\n\nāœ… **Checking system language** (exits if Russian `ru-RU` or Ukrainian `uk-UA` is detected).\\\nāœ… **Ensuring a single instance** by creating a **hardcoded mutex** (`{A77FC435-31B6-4687-902D-24153579C738}`).\\\nāœ… **Designed for educational use** and does **not perform harmful actions**.\n\nšŸ”— Research References:\n\n- [Trend Micro: Pikabot Spam Wave](https://www.trendmicro.com/en_us/research/24/a/a-look-into-pikabot-spam-wave-campaign.html)\n- [MITRE ATT\u0026CK: Pikabot Campaign (C0037)](https://attack.mitre.org/campaigns/C0037/)\n\n---\n\n## āš ļø Disclaimer\n\nšŸšØ **This project is for educational purposes only.** It does not contain malicious code but simulates **anti-analysis techniques** used by real malware. Use responsibly in **authorized research environments**.\n\n---\n\n## šŸ›  Features\n\n### āœ… **1. Language Check (Pikabot Anti-Analysis Simulation)**\n\n- Uses `GetUserDefaultUILanguage()` to detect **system language**.\n- If the system language is **Russian (0x0419) or Ukrainian (0x0422)**, execution is stopped.\n- Write output to a text file before exiting.\n\n### āœ… **2. Mutex Lock (Ensures Single Instance)**\n\n- Uses `CreateMutexA()` to **prevent multiple instances** of the DLL from running.\n- If another instance is found, execution **immediately exits**.\n\n---\n\n## šŸ”§ Compilation (Using `x86_64-w64-mingw32-gcc` on Linux)\n\nTo compile the DLL on a **Linux system**:\n\n```bash\nx86_64-w64-mingw32-gcc -shared -o notsoharmfuldll.dll notsoharmfuldll.c -Wall\n```\n\nāœ” This generates `notsoharmfuldll.dll`, which can be executed on **Windows**.\n\n---\n\n## šŸš€ Running the DLL\n\nTo execute the DLL on **Windows**, run:\n\n```powershell\nrundll32.exe notsoharmfuldll.dll,RunNotSoHarmful\n```\n\n---\n\nšŸ‘Øā€šŸ’» Created for **cybersecurity research \u0026 education**. Use responsibly! šŸš€\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fneyrian%2Fnotsoharmfuldll","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fneyrian%2Fnotsoharmfuldll","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fneyrian%2Fnotsoharmfuldll/lists"}