Skip to content

rancorzinho/yapbt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
README.md
README.md
 
 
decoder.template
decoder.template
 
 
pemodify.py
pemodify.py
 
 
shellcode.template
shellcode.template
 
 
yapbt.py
yapbt.py
 
 

Repository files navigation

YAPBT

Yet Another PE Backdoor Tool is a script to make backdoored PE executables. It uses the pefile Python library for the necessary header modifications. No effort has been made to bypass AV detection.

This has been done to death but most of the resources I found on this uses Olly and/or manual patching. I prefer fully automated solutions.

Usage

Modify decoder.template and shellcode.template to do what you want and then run: ./yapbt.py original.exe backdoored.exe

How does it work?

This script can backdoor a PE file in two ways:

  • Create a new malicious section and change the program's entrypoint to the new section.
  • Find a code cave, patch it and change the program's entrypoint to point to the code cave.

TODOs

  • Implement support for x86_64.
  • Clean up.
  • Better log messages.

References

https://axcheron.github.io/code-injection-with-python/

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages