Toolkit for creating educational malware in C# and C++. Started as an academic project aimed at assisting introductory malware reverse-engineering.
Disclaimer:
None of the malware samples found in this project are intended to be harmful. They are built solely for the purpose of teaching malware analysis. If you want to wreak havoc and be 1337, there are plenty of other much more potent projects out there.
Using it
- You can download the latest (stable) version here.
- Optional: add the directory containing emk.exe to your PATH environment variable.
- Run emk.exe from the command line
Download or fork the project first!
Look in the EducationalMalwareKit.Payloads projects for samples. A payload can be pretty much anything (C# or C++) as long as it can be instantiated from a single method. All payloads must have a manifest.json file in their root directory; look at the existing samples for examples.
Placeholders
If you want the user to be able to inject config values into your payload, wrap the key in double curly brackets, as in `{{key}}`.
This works in any string, but should be avoided for constants, since it will break the work-in-progress string-obfuscation feature.
The user will be prompted with the key you insert in brackets; for the example below the prompt will be `Set Value REPLACED =>`.
C++

```cpp
cout << "I will be {{replaced}} by the user" << endl;
```

C#

```csharp
Console.WriteLine("I will also likely be {{replaced}}");
```
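As an added example (not part of the kit's own code), here is a small C++ routine that scans a payload line for `{{key}}` placeholders, builds the prompt shown above for each key, and substitutes configured values. The sample line is constructed here, and the handling of unterminated `{{` or keys with no configured value is an assumption, not documented emk behaviour.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <string>
#include <vector>
// Constructed sample payload line (same shape as the README's C++ example).
const std::string kSamplePayload = "cout << \"I will be {{replaced}} by the user\" << endl;";

// Return every distinct placeholder key, in order of first appearance.
// A "{{" with no matching "}}" is not a placeholder and is not reported.
std::vector<std::string> find_placeholders(const std::string& src) {
    std::vector<std::string> keys;
    std::size_t pos = 0;
    while ((pos = src.find("{{", pos)) != std::string::npos) {
        std::size_t end = src.find("}}", pos + 2);
        if (end == std::string::npos) break;  // unterminated: stop scanning
        std::string key = src.substr(pos + 2, end - pos - 2);
        if (!key.empty() && std::find(keys.begin(), keys.end(), key) == keys.end())
            keys.push_back(key);
        pos = end + 2;
    }
    return keys;
}

// The prompt shown for a key: "Set Value " + key in upper case + " =>".
std::string prompt_for(const std::string& key) {
    std::string upper;
    for (unsigned char c : key) upper += static_cast<char>(std::toupper(c));
    return "Set Value " + upper + " =>";
}

// Replace each {{key}} with its configured value. Keys without a value and
// unterminated "{{" are copied through unchanged (assumed behaviour).
std::string inject_config(const std::string& src,
                          const std::map<std::string, std::string>& values) {
    std::string out;
    std::size_t pos = 0;
    while (pos < src.size()) {
        std::size_t open = src.find("{{", pos);
        std::size_t close = (open == std::string::npos) ? open : src.find("}}", open + 2);
        if (close == std::string::npos) { out += src.substr(pos); break; }
        out += src.substr(pos, open - pos);
        std::string key = src.substr(open + 2, close - open - 2);
        auto it = values.find(key);
        out += (it != values.end()) ? it->second : src.substr(open, close + 2 - open);
        pos = close + 2;
    }
    return out;
}
```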
| Feature | C# | C++ |
|---|---|---|
| Config injection | Yes | Yes |
| Encryption | Yes | No |
| Libraries | Yes | Partly (pre-compiled only) |
| Debug Mode | Yes | Partly (no breakpoint injection) |
| Single output | Yes | Yes |
| Icon File | Yes | Yes |