Evilhiding
shellcode loader, bypassav, AV evasion; a Python-based AV-evasion shellcode loader
evilhiding v1.1
shellcode loader, bypassav, AV-evasion tool; a Python-based AV-evasion shellcode loader, now updated to the latest version!


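Tool overview
- Remotely controlled trigger condition to evade sandboxes
- Junk-instruction interference
- The loader and shellcode are Fernet-encrypted
- Trigger obfuscation to interfere with signatures
- Automatically refreshes the MD5 of the .ico image so that the icon is not caught by signature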
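
For defenders, the Fernet layer listed above leaves a recognisable structure even though the payload bytes are opaque. The following is an added example, not code from the Evilhiding project: it finds Fernet-shaped tokens in a downloaded file or HTTP response body. It assumes the staged file is served as a bare Fernet token, which the README does not state, and the sample token is constructed.

```python
import base64
import binascii
import re
import struct

# Fernet layout: 0x80 | 8-byte big-endian timestamp | 16-byte IV |
# AES-CBC ciphertext (multiple of 16) | 32-byte HMAC-SHA256, all base64url.
# The version byte plus zero high timestamp bytes always encode to "gAAAAA".
CANDIDATE = re.compile(rb"gAAAAA[A-Za-z0-9_-]{90,}={0,2}")
OVERHEAD = 1 + 8 + 16 + 32  # bytes that are not ciphertext


def parse_fernet(candidate: bytes):
    """Return metadata if candidate is structurally a Fernet token, else None."""
    try:
        raw = base64.urlsafe_b64decode(candidate + b"=" * (-len(candidate) % 4))
    except (binascii.Error, ValueError):
        return None
    ct_len = len(raw) - OVERHEAD
    if not raw or raw[0] != 0x80 or ct_len < 16 or ct_len % 16:
        return None
    (issued,) = struct.unpack(">Q", raw[1:9])
    return {"issued_unix": issued, "ciphertext_len": ct_len}


def scan_body(body: bytes):
    """Find Fernet-shaped tokens in an HTTP response body or file."""
    hits = []
    for m in CANDIDATE.finditer(body):
        info = parse_fernet(m.group(0))
        if info:
            hits.append({"offset": m.start(), **info})
    return hits


def make_sample_token(issued: int = 1698883200, blocks: int = 2) -> bytes:
    """Constructed sample: Fernet-shaped bytes with zeroed IV, ciphertext, MAC."""
    raw = b"\x80" + struct.pack(">Q", issued) + bytes(16 + 16 * blocks + 32)
    return base64.urlsafe_b64encode(raw)


if __name__ == "__main__":
    body = b"HTTP body start\n" + make_sample_token() + b"\n"
    for hit in scan_body(body):
        print(hit)
```

Fernet is also used by legitimate software, so a hit is a triage signal to correlate with the fetching process and destination, not a verdict on its own.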
Usage
- Install the dependencies
pip install -r requirements.txt
- Fill in the settings and run main.py
Enter the shellcode and the URL of the a.txt file that will be generated into main.py
shellcode=b''
url=''
For example:
url='http://192.168.52.129/a.txt'
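HipsMain.exe is generated in the dist directory
Before running the exe, remember to place a.txt at the location given by the URL you entered
Building is supported on Windows only!
AV evasion tests
Bypasses Huorong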

Bypasses Defender

Dynamic execution

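Changelog
- 2023-10-23: 360 and Huorong are bypassed both dynamically and statically; Windows Defender is bypassed statically
- 2023-10-25: Huorong and 360 with virus databases updated to the latest version are bypassed dynamically; Windows Defender is bypassed statically
- 2023-11-02: evilhiding v1.1 released; bypasses Huorong, 360 and Defender
Disclaimer
- For technical research and formally authorized testing only. The user alone is responsible for any direct or indirect consequences and losses caused by distributing or using this tool; the tool's author accepts no responsibility for them.
- The tool does not contain much technical depth; it is just reinventing the wheel while standing on the shoulders of predecessors
- If it fails to evade detection, you can open an issue. Stars are the motivation for continued updates, hehe.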
