Um, Windows deletes it when i download it and says its a virus - Githubissues

bitsadmin / fakelogonscreen

Fake Windows logon screen to steal passwords

BSD 3-Clause "New" or "Revised" License

1.29k stars 231 forks source link

Um, Windows deletes it when i download it and says its a virus #13

Closed TechGeekUnited closed 1 year ago

bitsadmin commented 1 year ago

Hi @TechGeekUnited, this is expected behavior. Because the tool can also be used for malicious purposes, AV vendors add it as a signature to their products.

More details here: https://www.virustotal.com/gui/file/ec2146655e2c04bf87b8db754dd2e92b8c48c4df47b64a9adc1252efd8618e62/

If you want to run it undetected, the following options might help:

Compile it yourself and obfuscate it using for example ConfuserEx2: https://mkaring.github.io/ConfuserEx/;
Attempt to run it in-memory using a C2 framework like Cobalt Strike. This will however shift the problem as you then need to make sure the C2 implant is not detected.

Hope that helps!