mcdulltii / WTSRM

WTSRM


WTSRM (Writing Tiny Small Reliable Malware) is the demo repository for my corresponding talk.

  • Unhooks all Windows DLLs using \KnownDlls\
  • No CRT dependencies
  • Small size
  • Low entropy
  • Random string encryption key (thus no plaintext strings)
  • API hashing
  • Hook detection
  • Walks around hooks for the initial unhooking of ntdll


Language: C++ 100.0%