Metame : Metamorphic Code Engine For Arbitrary Executables

Metame is a simple metamorphic code engine for arbitrary executable. Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation.

This is used by computer viruses to avoid the pattern recognition of anti-virus software. It implementation works this way:

  • Open a given binary and analyze the code
  • Randomly replace instructions with equivalences in logic and size
  • Copy and patch the original binary to generate a mutated variant

It currently supports the following architectures:

  • x86 32 bits
  • x86 64 bits

Also, it supports a variety of file formats, as radare2 is used for file parsing and code analysis.

Example of code before and after mutation:

Also Read – PingCastle : Get Active Directory Security At 80% In 20% Of The Time

Installation

pip install metame

This should also install the requirements.

You will also need radare2. Refer to the official website for installation instructions.

simplejson is also a “nice to have” for a small performance boost:

pip install simplejson

Usage

metame -i original.exe -o mutation.exe -d

Use metame -h for help.

R K

Recent Posts

ModTask – Task Scheduler Attack Tool

ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…

1 day ago

HellBunny : Advanced Shellcode Loader For EDR Evasio

HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…

1 day ago

SharpRedirect : A Lightweight And Efficient .NET-Based TCP Redirector

SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…

1 day ago

Flyphish : Mastering Cloud-Based Phishing Simulations For Security Assessments

Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…

2 days ago

DeLink : Decrypting D-Link Firmware Across Devices With A Rust-Based Library

A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…

2 days ago

LLM Lies : Hallucinations Are Not Bugs, But Features As Adversarial Examples

LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…

2 days ago