Hi,
I'm Steeve and I'm new on this forum.
I wrote a keylogger in C#, compiled as an .exe file (working perfectly but detected by AV). Then I tried to make it efficient and stealthy.
I chose the following 'methodology':
- Create the ".exe" PE (recognized by AV)
- Encode the ".exe" file (with several encoding methods) in order to bypass AV
- Put the encoded ".exe" in a self-extracting archive with command lines (auto start in registry, launch itself for first launch)
- Encode the archive with the same method
- Join the encoded archive with a file
- Encode again
First question: is my methodology good?
Then, I tried to encode with msfvenom using the following command line:
msfvenom -p -< /root/Desktop/myfile.exe > root/Desktop/myencodedfile.exe -f exe -i 20 -a x86_64 --platform windows -e x86/shikata_ga_nai
Msfvenom succeeded with encoding, and AV doesn't detect the malware anymore, but when I launch the PE (on a Win 7 x64), it does nothing, stays a few seconds in the taskmgr and disappears... with no error window...
So I thought it was a buffer overflow crash due to invalid characters such as x00, xff, x0a, x0d.
Then I tried the following:
msfvenom -p -< /root/Desktop/myfile.exe > root/Desktop/myencodedfile.exe -f exe -i 20 -a x86_64 --platform windows -e x86/shikata_ga_nai -b '\x00\xff\x0a\x0d'
But the encoder returns an error due to bad characters.
I need help with that.
Thanks.