Dropper

Embeds an executable as a PE resource, then drops and launches it at runtime.

Install / Use

/learn @marcusbotacin/Dropper
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

Multiple ways to embed an executable as a PE resource, drop it, and launch it at runtime.

Created for educational purposes. Use at your own risk!

Available Material

  • The filesystem.exe directory hosts a project for an EXE binary that drops the payload to the filesystem and creates the process from it.
  • The filesystem.dll directory hosts a project for a DLL binary that drops the payload to the filesystem and creates the process from it.
  • The inmemory.dll directory hosts a project for a DLL binary that drops a payload to a copy of its own process' memory.
  • The inmemory.filesystem.dll directory hosts a project for a DLL binary that drops a payload to the disk and replaces it in memory with another payload also extracted from itself.
  • The bin.samples directory hosts sample binaries for testing purposes.
  • The utils directory hosts helper functions.

Usage

This dropper has been used in my (our) participation in the MLSEC competition (link here).

The blog post "Adversarial Malware in Machine Learning Detectors: Our MLSEC 2020’s SECRETs", describing our 2020 participation, is available here.

Publications

The article "Shallow Security: on the Creation of Adversarial Variants to Evade Machine Learning-Based Malware Detectors", published in the Reversing and Offensive-oriented Trends Symposium 2019 (ROOTS), made use of this dropper. Check Here.

The article "No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-based Adversarial Samples", published in the Reversing and Offensive-oriented Trends Symposium 2020 (ROOTS), made use of this dropper. Check Here.

GitHub Stars: 65
Category: Development
Updated: 1mo ago
Forks: 19

Languages

C++

Security Score

95/100

Audited on Feb 25, 2026

No findings