EVA
fully undetectable injector
[+] antiscan.me
antiscan.me
YOUR MOM IS A BITCH IF YOU UPLOADED THIS TO ANY WEBSITE OTHER THAN REQUIREMENTS:
- visual studio 2019
- cobalt strike
- python2 for the encoder
USAGE:
- create your shellcode (x64
x86 wont work
) using cobalt-strike [check my cobalt-wipe repo] - place your shellcode inside encoder.py and run it using python2
- after encoder.py output your encrypted shellcode copy and paste it inside EVA.cpp
- build the code using visual studio 2019 - Release - x64
x86 wont work
- enjoy
How Does EVA Work:
- first EVA will take a look at the running processes to allocate the pid of chrome.exe and inject the shellcode to it.
- if chrome.exe is not open, EVA will inject the code to explorer.exe instead
DEMO:
1- explorer - injection:
explorer.-.injection.mp4
2- chrome - injection:
chrome.-.injection.mp4
special thanks for:
- hasherezade - for helping me to in building EVA inside visual studio
- and for the person who posted the decoding way in memory, i forgot where i got it from : | if you are seeing this please reply !