Breaking News: Chinese AVs Outwitted by Go Code
The GitHub repository «darkPulse» by user «fdx-xdf» is a shellcode packer written in Go.
📌Purpose: darkPulse is designed to generate various shellcode loaders that can evade detection by Chinese antivirus software such as Huorong and 360 Total Security.
📌Shellcode Loader Generation: Generates different types of shellcode loaders.
📌Antivirus Evasion: Focuses on evading detection by popular Chinese antivirus programs like Huorong and 360 Total Security.
📌Encryption and Obfuscation: Supports AES and XOR encryption, and UUID/words obfuscation to reduce entropy.
📌Loading Techniques: Supports multiple loading techniques including callback, fiber, and earlybird. These can be used in indirect syscall and unhook modes.
📌Encoding: Uses the Shikata Ga Nai encoder, ported to Go with several improvements.
📌SysWhispers3: Uses SysWhispers3 for indirect syscall implementation.
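
For defenders, the UUID obfuscation listed under "Encryption and Obfuscation" means byte entropy measured on the file alone looks like ordinary text. The triage sketch below is an added example, not code from darkPulse or from the original post: it measures entropy on the raw bytes and again on the bytes that embedded UUID strings decode to. The function names, thresholds and sample inputs are assumptions constructed for illustration.

```python
import hashlib
import math
import re
import uuid
from collections import Counter

# Canonical 8-4-4-4-12 textual UUID, matched in raw bytes.
UUID_RE = re.compile(rb"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(blob: bytes, min_uuids: int = 16, decoded_min: float = 6.5) -> dict:
    """Score raw bytes and UUID-decoded bytes; thresholds are assumed defaults."""
    matches = UUID_RE.findall(blob)
    # Byte order within each UUID does not affect the entropy measurement.
    decoded = b"".join(uuid.UUID(m.decode()).bytes for m in matches)
    decoded_entropy = shannon_entropy(decoded)
    return {
        "uuid_count": len(matches),
        "raw_entropy": round(shannon_entropy(blob), 2),
        "decoded_entropy": round(decoded_entropy, 2),
        "suspicious": len(matches) >= min_uuids and decoded_entropy >= decoded_min,
    }


def constructed_samples():
    """Constructed inputs: SHA-256 output stands in for an encrypted payload."""
    payload = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
    chunks = (payload[i:i + 16] for i in range(0, len(payload), 16))
    as_uuids = "\n".join(str(uuid.UUID(bytes=c)) for c in chunks).encode()
    # Benign look-alike: a config listing sequential device identifiers.
    benign = b"\n".join(
        b"device-id=00000000-0000-0000-0000-%012d" % i for i in range(64))
    return payload, as_uuids, benign


if __name__ == "__main__":
    for name, blob in zip(("payload", "as_uuids", "benign"), constructed_samples()):
        print(name, triage(blob))
```

The UUID-encoded sample scores near 4 bits per byte on its raw text but close to 8 once decoded, while the sequential device identifiers stay low on both measures and are not flagged.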