EVA
fully undetectable injector
[+] antiscan.me
YOUR MOM IS A BITCH IF YOU UPLOADED THIS TO ANY WEBSITE OTHER THAN antiscan.me
REQUIREMENTS:
- visual studio 2019
- cobalt strike
- python2 for the encoder
USAGE:
- create your shellcode (x64
x86 wont work) using cobalt-strike [check my cobalt-wipe repo] - place your shellcode inside encoder.py and run it using python2
- after encoder.py output your encrypted shellcode copy and paste it inside EVA.cpp
- build the code using visual studio 2019 - Release - x64
x86 wont work - enjoy
How Does EVA Work:
- first EVA will take a look at the running processes to allocate the pid of chrome.exe and inject the shellcode to it.
- if chrome.exe is not open, EVA will inject the code to explorer.exe instead
DEMO:
1- explorer - injection:
explorer.-.injection.mp4
2- chrome - injection:
chrome.-.injection.mp4
special thanks for:
- hasherezade - for helping me to in building EVA inside visual studio
- and for the person who posted the decoding way in memory, i forgot where i got it from : | if you are seeing this please reply !
please feel free to post any issue or any suggestions
i will be adding more information about how does it work
My Empty Ethereum Wallet : 0x1B4944030818392D76672f583884F4A125A4415e
