peCloak.py (beta) - A Multi-Pass Encoder & Heuristic Sandbox Bypass AV Evasion Tool.

Features:
– Encoding
– Decoding
– Heuristic bypass
– Carving out a code cave
– Jumping to the code cave
– Restoring execution flow
– Other: writing the modified PE file

Requirements:
+ The modified PE file must evade AV detection from market-leading products with up-to-date definitions.
+ The encoded malicious payload must execute without error. Failure to execute regardless of AV detection would be considered an unsuccessful bypass.
+ The entire process (encoding, decoding, etc.) must be automated. No manual manipulation of code caves or jump codes within a debugger.

Dependencies:
– PyDasm http://sourceforge.net/projects/winappdbg/files/additional%20packages/PyDasm/
– PEFile https://code.google.com/p/pefile/downloads/list
– SectionDoubleP http://git.n0p.cc/?p=SectionDoubleP.git;a=summary

The four files that were tested for evasion were:
+ av_test_msfmet_rev_tcp.exe – Metasploit Meterpreter reverse_tcp executable
+ av_test_msfshell_rev_tcp.exe – Metasploit reverse tcp shell executable
+ strings_evil.exe – strings.exe backdoored with Metasploit reverse_tcp exploit
+ vdmallowed.exe – local Windows privilege escalation exploit

Example Usage:

DISCLAIMER:
This program is intended for use in research, sanctioned penetration testing, or other authorized security-related purposes. Do not use this code or any derivative of it for illegal or otherwise unauthorized activities.

Download: PythonTrojan.zip (24.16 KB)
Source: Security Shift | https://github.com/EasierChutoy