Closed ryantkasher closed 4 years ago
Looks as tho the .Example section contains malware. Remove the following...
.EXAMPLE
C:\PS> Out-EncodedHexCommand -ScriptBlock {Write-Host 'Hello World!' -ForegroundColor Green; Write-Host 'Obfuscation Rocks!' -ForegroundColor Green} -NoProfile -NonInteractive
powershell -NonInt -NoPr "('57_72}69R74u65P2dR48T6fu73_74;20_27R48T65R6cR6c;6fT20;57}6fP72}6cT64u21;27}20}2dP46T6f}72u65{67T72}6f_75}6e{64P43_6f_6cR6f{72u20;47T72{65T65}6eT3b}20T57_72P69u74u65P2dT48T6fR73;74;20P27T4fu62;66P75{73R63}61}74{69R6fu6eT20T52u6fT63u6b;73u21;27}20;2d;46R6fT72T65P67P72R6fP75{6e}64T43_6fP6cR6f{72;20T47T72T65{65}6e'-SPLiT'P'-SpliT'}'-SPLIt 'u'-SpLIt'{'-SPLit'R' -SplIT '_'-SpliT'T' -SplIt';'| ForEach-Object { ([Convert]::ToInt16(( $_.ToString()),16)-AS[Char]) }) -Join ''|Invoke-Expression"
C:\PS> Out-EncodedHexCommand -ScriptBlock {Write-Host 'Hello World!' -ForegroundColor Green; Write-Host 'Obfuscation Rocks!' -ForegroundColor Green} -NoProfile -NonInteractive -PassThru
-Join (( 57,72 , 69 , 74 , 65, '2d', 48, '6f', 73 ,74, 20, 27 ,48, 65, '6c', '6c','6f', 20,57 , '6f',72,'6c' , 64 ,21 , 27 , 20 ,'2d', 46,'6f', 72 ,65 ,67, 72, '6f', 75 ,'6e', 64 ,43,'6f' , '6c' ,'6f' , 72,20 ,47 , 72 , 65, 65,'6e','3b', 20, 57 ,72,69 ,74 ,65,'2d',48 ,'6f' ,73, 74 ,20 , 27,'4f' ,62, 66,75 , 73 ,63 ,61 ,74 , 69 , '6f' , '6e', 20,52 , '6f',63 , '6b' , 73,21,27 , 20, '2d' ,46 ,'6f', 72,65 ,67, 72 ,'6f' ,75 ,'6e' , 64 , 43,'6f' ,'6c' , '6f' , 72 ,20, 47,72,65 , 65, '6e') |ForEach-Object{ ([Char]([Convert]::ToInt16( ([String]$_) ,16))) })|IEX
Nah, don't use it. I found a lot of malware code inserted in every file, beware!
Same. Clever little bird that one.
@myhashs @ryantkasher Just in case you guys aren't joking:
Invoke-Obfuscator is an obfuscator and does what it claims to do. Some AV providers choose to mark obfuscators as malicious, but calling it malicious doesn't make it so.
I really hope that they are joking, however I'm leaning towards they think Kali makes them hackers and expert malware reverse engineers.
@HurstLabs Nope. Definitely malware. There are several items across the full repo. And Kali is a toolbox for those who need it, a toybox for those who know it, and a maze for scriptkiddies LOL. Thanks for that tho.
@ryantkasher Lol...still can't tell... If you're serious, why not try putting the tools away and un-obfuscate yourself without the fancy scriptkiddy tools, then you can stop spreading misinformation.. unless u are joking then by all means troll how you please
Ha. Do with the info as you please, either way, it's as simple as removing the example code or don't. But hey, every one of you keyboard commandos wants their 5 min in the ring right? Trolls gonna troll... XD
root@kali:~/Downloads/Invoke-Obfuscation-master# clamscan -v -i
Scanning /root/Downloads/Invoke-Obfuscation-master/Invoke-Obfuscation.psd1
Scanning /root/Downloads/Invoke-Obfuscation-master/Out-EncodedAsciiCommand.ps1
Scanning /root/Downloads/Invoke-Obfuscation-master/Out-EncodedOctalCommand.ps1
Scanning /root/Downloads/Invoke-Obfuscation-master/Out-PowerShellLauncher.ps1
Scanning /root/Downloads/Invoke-Obfuscation-master/README.md
Scanning /root/Downloads/Invoke-Obfuscation-master/Out-EncodedBXORCommand.ps1
Scanning /root/Downloads/Invoke-Obfuscation-master/Out-SecureStringCommand.ps1
Scanning /root/Downloads/Invoke-Obfuscation-master/Out-EncodedWhitespaceCommand.ps1
Scanning /root/Downloads/Invoke-Obfuscation-master/LICENSE
Scanning /root/Downloads/Invoke-Obfuscation-master/Out-CompressedCommand.ps1
Scanning /root/Downloads/Invoke-Obfuscation-master/Out-EncodedHexCommand.ps1
/root/Downloads/Invoke-Obfuscation-master/Out-EncodedHexCommand.ps1: Win.Downloader.WannaMine-6442440-2 FOUND
Scanning /root/Downloads/Invoke-Obfuscation-master/Out-ObfuscatedTokenCommand.ps1
Scanning /root/Downloads/Invoke-Obfuscation-master/Invoke-Obfuscation.ps1
Scanning /root/Downloads/Invoke-Obfuscation-master/Out-EncodedBinaryCommand.ps1
Scanning /root/Downloads/Invoke-Obfuscation-master/Invoke-Obfuscation.psm1
Scanning /root/Downloads/Invoke-Obfuscation-master/Out-ObfuscatedAst.ps1
Scanning /root/Downloads/Invoke-Obfuscation-master/Out-ObfuscatedStringCommand.ps1
Scanning /root/Downloads/Invoke-Obfuscation-master/Out-EncodedSpecialCharOnlyCommand.ps1

----------- SCAN SUMMARY -----------
Known viruses: 6257036
Engine version: 0.101.2
Scanned directories: 1
Scanned files: 18
Infected files: 1
Data scanned: 2.07 MB
Data read: 1.29 MB (ratio 1.61:1)
Time: 46.536 sec (0 m 46 s)
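Added example, not part of the thread or of the Invoke-Obfuscation repository: a static decoder for the hex-encoded form shown in the .EXAMPLE block, so the flagged string can be read without passing it to Invoke-Expression. The two sample strings are prefixes copied from the issue; the keyword list is an assumed, non-exhaustive triage list, and the decoder assumes delimiters are never hex digits (true of the samples here).

```python
import re

# Constructed samples: prefixes of the two encoded strings quoted in the issue.
DELIMITED = "57_72}69R74u65P2dR48T6fu73_74;20_27R48T65R6cR6c;6fT20;57}6fP72}6cT64u21;27"
ARRAY = "57,72 , 69 , 74 , 65, '2d', 48, '6f', 73 ,74, 20, 27 ,48, 65, '6c', '6c','6f'"

# Assumed, non-exhaustive list of strings that suggest download or nested execution.
SUSPICIOUS = ("downloadstring", "downloadfile", "net.webclient",
              "invoke-webrequest", "frombase64string", "invoke-expression")


def decode_hex_tokens(encoded):
    """Statically mirror the launcher: split on delimiters, hex token -> char.

    Nothing is executed. Tokens longer than two hex digits or outside
    printable ASCII are reported separately, since they usually mean a
    delimiter was lost in copy/paste or the data is not a text script.
    """
    tokens = [t for t in re.split(r"[^0-9A-Fa-f]+", encoded) if t]
    chars, damaged = [], []
    for tok in tokens:
        value = int(tok, 16)
        printable = value in (9, 10, 13) or 32 <= value < 127
        if len(tok) > 2 or not printable:
            damaged.append(tok)
            continue
        chars.append(chr(value))
    return "".join(chars), damaged


def triage(encoded):
    """Decode, then list which triage keywords appear in the plaintext."""
    text, damaged = decode_hex_tokens(encoded)
    hits = [s for s in SUSPICIOUS if s in text.lower()]
    return {"decoded": text, "damaged_tokens": damaged, "suspicious": hits}


if __name__ == "__main__":
    for name, sample in (("delimited", DELIMITED), ("array", ARRAY)):
        print(name, triage(sample))
```

A signature hit on a file can then be compared against what the matched bytes decode to, rather than against the verdict name alone.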