
Polymorphic engine

Open • Beykir opened this issue 9 months ago • 1 comment

Hello,

First of all, you have a nice and interesting project here. I have tested it with different calc.exe shellcodes, and the calculator always popped up. My testing also included using the original donut shellcode generator, and I noticed that there are some EDRs that detect donut-generated shellcodes with a YARA rule or something. My guess as to why the shellcode generated by InflativeLoading is not detected is that donut is a lot more widely known. So maybe you can add some sort of polymorphism like https://github.com/cryptolok/MorphAES or Shikata Ga Nai encoding.

Beykir, May 05 '24 16:05