EVA
fully undetectable injector
EVA2 INSTEAD .
Update on Monday, July 12 : USE[+] antiscan.me
antiscan.me
YOUR MOM IS A -BITCH- IF YOU UPLOADED THIS TO ANY WEBSITE OTHER THAN UPDATE
READ THEREQUIREMENTS:
- visual studio 2019 [ it may work with visual studio 2017 ]
- cobalt strike [ take a look at my repo
cobalt-wipe
] - python2 for the encoder
USAGE:
- create your shellcode (x64
x86 wont work
) using cobalt-strike [check my cobalt-wipe repo] - place your shellcode inside encoder.py and run it using python2
- after encoder.py output your encrypted shellcode copy and paste it inside EVA.cpp
- build the code using visual studio 2019 - Release - x64
x86 wont work
- enjoy
How Does EVA Work:
- first EVA will take a look at the running processes to allocate the pid of chrome.exe and inject the shellcode to it.
- if chrome.exe is not open, EVA will inject the code to explorer.exe instead
DEMO:
[+] You can do your self a favour and disable Automatic Sample Submission in windows defender:
1- explorer - injection:
explorer.-.injection.mp4
2- chrome - injection:
chrome.-.injection.mp4
special thanks for:
- hasherezade - for helping me in building EVA inside visual studio
- and for the person who posted the decoding way in memory, i forgot where i got it from : | if you are seeing this please reply !
please feel free to post any issue or any suggestions
nah i wont, however if you want to know more about the code email me :>
i will be adding more information about how does it work MIT LICENSE
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.