Skip to content

Load the evilDLL from socket connection without touch disk

Notifications You must be signed in to change notification settings

Gue5t-zz/RemoteMemorymodule

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 

Repository files navigation

RemoteMemorymodule

Load the evilDLL from socket connection without touch disk

Inspired by @Rvn0xsy and the famous MemoryModule project

Server

Maked a simple socket server via c++ which is called PigSender(only work on Linux)

Responsible for processing the request sent by the client and transferring the DLL

Client

  1. Added a simple anti-simulation method, and receive DLL file from remote Server

  2. Finally, simply call MemoryModule

Usage:

  1. Put your DLL on the VPS and specify the file to be sent and the listening port

image-20210810085812853

  1. In the Client, just specify the address listened in the first step

image-20210810085922601

Of course, for better results, you can encrypt the traffic in network transmission, cause the feature of PE files are very obvious

Thanks to this excellent "non-landing" technology, you can use this project to reduce the pain of evasion anti-virus in some temporary environments

About

Load the evilDLL from socket connection without touch disk

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C++ 68.3%
  • C 31.7%