https://github.com/pizz33/360qvm_bypass

通过生成不同hash的ico并写入程序中，实现批量bypass360QVM
https://github.com/pizz33/360qvm_bypass

360 bypass-antivirus

Last synced: 5 months ago
JSON representation

通过生成不同hash的ico并写入程序中，实现批量bypass360QVM

• Host: GitHub
• URL: https://github.com/pizz33/360qvm_bypass
• Owner: Pizz33
• Created: 2023-08-08T04:03:14.000Z (about 2 years ago)
• Default Branch: main
• Last Pushed: 2023-08-10T02:24:45.000Z (about 2 years ago)
• Last Synced: 2025-05-08T21:14:12.944Z (5 months ago)
• Topics: 360, bypass-antivirus
• Language: Python
• Homepage:
• Size: 2.24 MB
• Stars: 231
• Watchers: 3
• Forks: 22
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# 360QVM_bypass

在攻防演练过程中常需要木马钓鱼，但钓鱼马易被提取hash进而失效，本脚本旨在减少重复性工作，批量生成钓鱼马

360会对不携带资源的可疑程序进行拦截，标签为`HEUR/QVM202.0.29xx.Malware.Gen`

![image](https://github.com/Pizz33/360QVM_bypass/assets/88339946/6b287357-bd77-436f-93b3-bc63d6475638)

直接提取图标添加至exe一样会进行拦截

![image](https://github.com/Pizz33/360QVM_bypass/assets/88339946/c803d4c9-ff89-4f6b-8760-198876e68d2d)

使用方法：

运行脚本`python icon-exe.py -i input_file -f ico_file -n number`

`input_file`填入木马文件

`ico_file`填入图标文件

`number`为生成的木马数量

![image](https://github.com/Pizz33/360QVM_bypass/assets/88339946/ba5c04a3-a1d4-4f20-a648-3495518d06ad)

脚本通过生成不同hash的ico并写入程序中，实现批量bypass360QVM，生成文件在output文件夹内

![image](https://github.com/Pizz33/360QVM_bypass/assets/88339946/2ea3a967-b845-435d-a806-85b28e838f7e)

实现效果 （`ResourceHacker.exe`来源于互联网，不放心可自行替换）

![image](https://github.com/Pizz33/360QVM_bypass/assets/88339946/6d3dcfac-7877-470b-b449-627ebc45554a)

![image](https://github.com/Pizz33/360QVM_bypass/assets/88339946/14d47076-dbf1-46a1-a78b-4e4a80e9a9b2)