Skip to content

Releases: yinsel/BypassAV

1.5

11 Jan 07:01
@yinsel yinsel
1.5
a6eeb5c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.5 Latest
Latest

更新详情:

  1. 添加阻止amsi.dll的加载,以绕过Defender针对.net程序集加载的扫描
    参考思路:https://github.com/Shrfnt77/AmsiBypass
    注:如使用donut转换.net程序集,请添加-b:1选项以关闭Patch AMSI,该行为已被Defender标记。

  2. 修改执行时的内存权限为RX,暂不支持使用sgn编码

  3. 更换原始文件为Postman.exe

原始文件:571282838c1b82121187d439c7899482(MD5)

Patch:a5bf6e35c05b169d378d6b5ee72f2dfc(MD5)

Assets 4
Loading

1.4

18 Oct 15:20
@yinsel yinsel
1.4
deb1401
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.4
  1. 更换x64位白文件,更新图标资源过QVM
  2. 新增x32位

x64:HuoRong.exe 8c8c2be95cd381a1165f3175b325ea93(MD5)

x32:HrASPinTile.exe c99b126fa023fb9d0b6ff70e736a2f9a(MD5)

Assets 4
Loading

1.3

14 Aug 02:23
@yinsel yinsel
1.3
7c9f826
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.3

1.白文件来源于wps,且为32位,请使用32位的shellcode
2.最低支持win 2008

Hash:

wps.exe(patch)
sha256: BA60F9D967D4924C115AAA43E84F27D9B79AB226ACE4BC6FC0B82354D72C7DF2

ksolaunch.exe(原始白文件)
sha256: 4F6A7D54DA75D19CFF5EDE620E8657CEAF9F1609E18C9074329D8DA90846382A

Assets 4
Loading

1.2

08 Aug 01:39
@yinsel yinsel
1.2
7c9f826
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.2
  1. 更换patch的白文件(WeChat.exe已被360标记)
  2. 修复在win 2008上的崩溃问题
Assets 3
Loading

1.1

07 Aug 04:20
@yinsel yinsel
1.1
7c9f826
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.1

修复QVM报毒问题

Assets 3
Loading

1.0

07 Aug 03:04
@yinsel yinsel
1.0
7c9f826
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
1.0

对patch的shellcode进行sgn编码,采用动态解密的方式运行

Assets 2
Loading