A builder for binding an evil program and a normal document
Clone this repo and build GoFileBinder.go first, then start:
./GoFileBinder <evil_program> <bind_file> [x64/x86]
When the output file is executed on the target machine, it releases your evil program to C:\Users\Public\Music\ and then deletes itself after running the normal file and the evil program.
You can add an icon to it through rcedit or rsrc. Note that some icons may be marked as malicious by anti-virus software because of past malicious behavior.
- Reduce the risk of being detected by anti-virus and human
- Encrypt evil program via 3DES with random key
- Self delete after releasing the normal file and executing the evil program
- Use local variable instead of string literal to pass procedure name (`string([]byte{...})`), to avoid static memory matching
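
The behaviours listed in this README (an executable written to C:\Users\Public\Music\, a process started from that path, and deletion of the original file) leave a host-side trail that can be correlated. The following is an added detection example, not code from this project; the event records are simplified and constructed, modelled on Sysmon event IDs 11 (FileCreate), 1 (ProcessCreate) and 23/26 (FileDelete), and the extension list is an assumption.

```python
# Added defensive example: correlate the three host behaviours this README
# describes. Events are simplified, constructed records, not real telemetry.
from ntpath import normcase, splitext

DROP_DIR = normcase("C:\\Users\\Public\\Music\\")   # drop path named in the README
EXEC_EXT = {".exe", ".dll", ".scr"}                 # assumed extensions of interest


def in_drop_dir(path):
    """True if path is an executable-type file inside the drop directory."""
    p = normcase(path)
    return p.startswith(DROP_DIR) and splitext(p)[1] in EXEC_EXT


def find_binder_chains(events):
    """Return one finding per dropper image, scored 1-3 by stages observed."""
    dropped = {}    # dropped file path -> image of the process that wrote it
    findings = {}   # dropper image -> {"payload": ..., "stages": set()}
    for ev in events:                       # events are assumed time-ordered
        if ev["id"] == 11 and in_drop_dir(ev["target"]):
            dropper = normcase(ev["image"])
            dropped[normcase(ev["target"])] = dropper
            findings.setdefault(dropper, {"payload": ev["target"], "stages": set()})
            findings[dropper]["stages"].add("drop")
        elif ev["id"] == 1 and normcase(ev["image"]) in dropped:
            findings[dropped[normcase(ev["image"])]]["stages"].add("exec")
        # Match on the deleted path only: a helper process may do the deletion.
        elif ev["id"] in (23, 26) and normcase(ev["target"]) in findings:
            findings[normcase(ev["target"])]["stages"].add("self_delete")
    return [{"dropper": d, "payload": f["payload"], "score": len(f["stages"])}
            for d, f in findings.items()]


# Constructed sample events (not captured from a real host).
SAMPLE = [
    {"id": 11, "image": r"C:\Users\bob\Downloads\report.exe",
     "target": r"C:\Users\Public\Music\svc.exe"},
    {"id": 1, "image": r"C:\Users\Public\Music\svc.exe"},
    {"id": 26, "image": r"C:\Windows\System32\cmd.exe",
     "target": r"C:\Users\bob\Downloads\report.exe"},
    {"id": 11, "image": r"C:\Program Files\Player\player.exe",
     "target": r"C:\Users\Public\Music\playlist.m3u"},
]

if __name__ == "__main__":
    for hit in find_binder_chains(SAMPLE):
        print(hit)
```

A score of 3 means all three stages were seen for the same originating file; a score of 1 (an executable written to the public Music folder alone) is still worth triage, since that directory rarely holds binaries.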