Breaking News: Chinese AVs Outwitted by Go Code

15 июля 202415 июл 2024

~1 мин

The GitHub repository «darkPulse» by user «fdx-xdf» is a shellcode packer written in Go. 📌Purpose: darkPulse is designed to generate various shellcode loaders that can evade detection by Chinese antivirus software such as Huorong and 360 Total Security. 📌Shellcode Loader Generation: Generates different types of shellcode loaders. 📌Antivirus Evasion: Focuses on evading detection by popular Chinese antivirus programs like Huorong and 360 Total Security. 📌Encryption and Obfuscation: Supports AES and XOR encryption, and UUID/words obfuscation to reduce entropy. 📌Loading Techniques: Supports multiple loading techniques including callback, fiber, and earlybird. These can be used in indirect syscall and unhook modes. 📌Encoding: Utilizes the Shikata ga nai encoder, ported into Go with several improvements. 📌SysWhispers3: Uses SysWhispers3 for indirect syscall implementation. Follow on TG & Boosty

The GitHub repository «darkPulse» by user «fdx-xdf» is a shellcode packer written in Go.

📌Purpose: darkPulse is designed to generate various shellcode loaders that can evade detection by Chinese antivirus software such as Huorong and 360 Total Security.

📌Shellcode Loader Generation: Generates different types of shellcode loaders.

📌Antivirus Evasion: Focuses on evading detection by popular Chinese antivirus programs like Huorong and 360 Total Security.

📌Encryption and Obfuscation: Supports AES and XOR encryption, and UUID/words obfuscation to reduce entropy.

📌Loading Techniques: Supports multiple loading techniques including callback, fiber, and earlybird. These can be used in indirect syscall and unhook modes.

📌Encoding: Utilizes the Shikata ga nai encoder, ported into Go with several improvements.

📌SysWhispers3: Uses SysWhispers3 for indirect syscall implementation.

Follow on TG & Boosty