Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/the-viper-one/invoke-powerincrease

PowerShell port of SharpIncrease. Inflates binary files to aid in AV evasion
https://github.com/the-viper-one/invoke-powerincrease

powershell sharpincrease

Last synced: 8 days ago
JSON representation

PowerShell port of SharpIncrease. Inflates binary files to aid in AV evasion

Host: GitHub
URL: https://github.com/the-viper-one/invoke-powerincrease
Owner: The-Viper-One
Created: 2024-07-18T17:40:26.000Z (7 months ago)
Default Branch: main
Last Pushed: 2024-08-01T18:10:02.000Z (6 months ago)
Last Synced: 2024-08-01T22:52:47.892Z (6 months ago)
Topics: powershell, sharpincrease
Language: PowerShell
Homepage:
Size: 9.77 KB
Stars: 3
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Invoke-PowerIncrease

PowerShell port of SharpIncrease: https://github.com/mertdas/SharpIncrease/tree/main

Adversaries may use binary padding to add junk data and change the on-disk representation of malware. This can be done without affecting the functionality or behavior of a binary, but can increase the size of the binary beyond what some security tools are capable of handling due to file size limitations.

Binary padding effectively changes the checksum of the file and can also be used to avoid hash-based blocklists and static anti-virus signatures.The padding used is commonly generated by a function to create junk data and then appended to the end or applied to sections of malware.Increasing the file size may decrease the effectiveness of certain tools and detection capabilities that are not designed or configured to scan large files. This may also reduce the likelihood of being collected for analysis. Public file scanning services, such as VirusTotal, limits the maximum size of an uploaded file to be analyzed

https://attack.mitre.org/techniques/T1027/001/

## Usage

```Powershell

# Load into memory

IEX(New-Object System.Net.WebClient).DownloadString("https://raw.githubusercontent.com/The-Viper-One/Invoke-PowerIncrease/main/Invoke-PowerIncrease.ps1")

# Inflate a source file and write filestream to destination path

Invoke-PowerIncrease -SourceFilePath "$HOME\buff.exe" -TargetSizeMB 51 -DestinationFilePath "$HOME\buffnew.exe"

# Download from URL, inflate in memory before writing to disk

Invoke-PowerIncrease -URL "https://example.com/file.exe" -TargetSizeMB 75 -DestinationFilePath "$HOME\buffnew.exe"

```