Generates ICO files with different hashes and writes them into the program to bypass 360 QVM in bulk

Pizz33/360QVM_bypass

360QVM_bypass

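Attack-defense exercises often call for phishing with a trojan, but the hash of a phishing trojan is easily extracted, after which the sample stops working. This script aims to cut down on repetitive work by generating phishing trojans in bulk.

360 blocks suspicious programs that carry no resources, labelling them HEUR/QVM202.0.29xx.Malware.Gen.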

Simply extracting an icon and adding it to the exe is blocked all the same.

Usage:

Run the script: python icon-exe.py -i input_file -f ico_file -n number

input_file is the trojan file

ico_file is the icon file

number is the number of trojans to generate

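The script generates ICO files with different hashes and writes them into the program to bypass 360 QVM in bulk. The generated files are placed in the output folder.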
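From the detection side, variants produced this way differ in file hash but, assuming only the resource section changes, keep identical code sections. The following is an added example, not code from this repository: it hashes every PE section except .rsrc so that such variants fall into one cluster. The function names and the sample images are constructed for illustration.

```python
import hashlib
import struct

def sections(pe: bytes):
    """Yield (name, raw_bytes) for every section listed in the PE section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    for i in range(count):
        name, _vs, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        yield name.rstrip(b"\0"), pe[raw_ptr:raw_ptr + raw_size]

def code_hash(pe: bytes) -> str:
    """SHA-256 over all sections except .rsrc; headers are left out as well."""
    h = hashlib.sha256()
    for name, data in sections(pe):
        if name != b".rsrc":
            h.update(name + len(data).to_bytes(4, "little") + data)
    return h.hexdigest()

def build_sample(icon: bytes, code: bytes = b"\x90" * 32) -> bytes:
    """Constructed test image (headers, .rsrc, .text); it is not a loadable program."""
    def header(name: bytes, size: int, ptr: int) -> bytes:
        return struct.pack("<8sIIIIIIHHI", name, size, 0, size, ptr, 0, 0, 0, 0, 0)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)             # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)  # two sections, no optional header
    start = 64 + 4 + 20 + 2 * 40                                 # first byte after the section table
    table = header(b".rsrc", len(icon), start) + header(b".text", len(code), start + len(icon))
    return dos + b"PE\0\0" + coff + table + icon + code

def cluster(samples: dict) -> dict:
    """Group sample names by code_hash so icon-only variants land in one bucket."""
    groups = {}
    for name, blob in samples.items():
        groups.setdefault(code_hash(blob), []).append(name)
    return groups

if __name__ == "__main__":
    demo = {"a.exe": build_sample(b"ICON-1"), "b.exe": build_sample(b"ICON-22"),
            "c.exe": build_sample(b"ICON-1", b"\xcc" * 32)}
    for digest, names in cluster(demo).items():
        print(digest[:16], names)
```

Because the section table and file offsets shift when the resource data changes size, the hash deliberately skips the headers and covers section contents only.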

Result (ResourceHacker.exe was obtained from the internet; replace it with your own copy if you do not trust it)
