READ THE UPDATE
- visual studio 2019 [ it may work with visual studio 2017 ]
- cobalt strike [ take a look at my repo
cobalt-wipe] - python2 for the encoder
- create your shellcode (x64
x86 wont work) using cobalt-strike [check my cobalt-wipe repo] - place your shellcode inside encoder.py and run it using python2
- after encoder.py output your encrypted shellcode copy and paste it inside EVA.cpp
- build the code using visual studio 2019 - Release - x64
x86 wont work - enjoy
- first EVA will take a look at the running processes to allocate the pid of chrome.exe and inject the shellcode to it.
- if chrome.exe is not open, EVA will inject the code to explorer.exe instead
explorer.-.injection.mp4
chrome.-.injection.mp4
- hasherezade - for helping me in building EVA inside visual studio
- and for the person who posted the decoding way in memory, i forgot where i got it from : | if you are seeing this please reply !
i will be adding more information about how does it work nah i wont, however if you want to know more about the code email me :>
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
