Breaking News: Chinese AVs Outwitted by Go Code

The ‎GitHub‏ ‎repository ‎«darkPulse» ‎by ‎user ‎«fdx-xdf» is‏ ‎a ‎shellcode‏ ‎packer‏ ‎written ‎in ‎Go.

📌Purpose: darkPulse‏ ‎is ‎designed‏ ‎to ‎generate ‎various ‎shellcode‏ ‎loaders‏ ‎that ‎can‏ ‎evade ‎detection‏ ‎by ‎Chinese ‎antivirus ‎software ‎such‏ ‎as‏ ‎Huorong ‎and‏ ‎360 ‎Total‏ ‎Security.

📌Shellcode ‎Loader ‎Generation: Generates ‎different ‎types‏ ‎of‏ ‎shellcode‏ ‎loaders.

📌Antivirus ‎Evasion: Focuses‏ ‎on ‎evading‏ ‎detection ‎by‏ ‎popular‏ ‎Chinese ‎antivirus‏ ‎programs ‎like ‎Huorong ‎and ‎360‏ ‎Total ‎Security.

📌Encryption‏ ‎and‏ ‎Obfuscation: Supports ‎AES ‎and‏ ‎XOR ‎encryption,‏ ‎and ‎UUID/words ‎obfuscation ‎to‏ ‎reduce‏ ‎entropy.

📌Loading ‎Techniques:‏ ‎Supports ‎multiple‏ ‎loading ‎techniques ‎including ‎callback, ‎fiber,‏ ‎and‏ ‎earlybird. ‎These‏ ‎can ‎be‏ ‎used ‎in ‎indirect ‎syscall ‎and‏ ‎unhook‏ ‎modes.

📌Encoding: Utilizes‏ ‎the ‎Shikata‏ ‎ga ‎nai‏ ‎encoder, ‎ported‏ ‎into‏ ‎Go ‎with‏ ‎several ‎improvements.

📌SysWhispers3: Uses ‎SysWhispers3 ‎for ‎indirect‏ ‎syscall ‎implementation.