Skip to content

Latest commit

 

History

History
21 lines (16 loc) · 1.14 KB

README.md

File metadata and controls

21 lines (16 loc) · 1.14 KB

x64-EXE-Packer

A software packer for 64 bit Windows executables.

Progress:

  • Stub
  • Packer
  • Custom Cipher
  • Control Flow Flattening - IN PROGRESS

The stub, packer, and encryption routine are all ironed out on the logic side:

  • The encryption routine is a 64-bit block cipher which uses a 128-bit key, which does 7 rounds of encryption using bitwise rotates and xors. It's not great, but hopefully unique enough to throw analyst off.
  • The stub looks for ".xss" section within itself, and extracts PE data from it.
  • The packer copies the stub, appends a .xss section to the end of it, and then appends the targeted file for packing at the end of the new stub, after encrypting it.

Sources

https://bidouillesecurity.com/tutorial-writing-a-pe-packer-part-1/ https://learn.microsoft.com/en-us/archive/msdn-magazine/2002/march/inside-windows-an-in-depth-look-into-the-win32-portable-executable-file-format-part-2 https://www.ired.team/miscellaneous-reversing-forensics/windows-kernel-internals/pe-file-header-parser-in-c++ https://jb05s.github.io/Introduction-to-Windows-Demystifying-Windows-System-Architecture-and-Memory-Management/