Metame is a simple metamorphic code engine for arbitrary executable. Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation.
This is used by computer viruses to avoid the pattern recognition of anti-virus software. It implementation works this way:
It currently supports the following architectures:
Also, it supports a variety of file formats, as radare2 is used for file parsing and code analysis.
Example of code before and after mutation:
Also Read – PingCastle : Get Active Directory Security At 80% In 20% Of The Time
Installation
pip install metame
This should also install the requirements.
You will also need radare2. Refer to the official website for installation instructions.
simplejson
is also a “nice to have” for a small performance boost:
pip install simplejson
metame -i original.exe -o mutation.exe -d
Use metame -h
for help.
Thanks for HIBP and this downloader. At first I was considering using it, but the…
Comprehensive repository for presentation slides from major cybersecurity conferences held in 2023 and 2024. It…
Generate a proxy dll for arbitrary dll, while also loading a user-defined secondary dll. In…
DLL Universal Patcher is a flexible and convenient code patcher that doesn't touch the files…
RustiveDump is a Rust-based tool designed to dump the memory of the lsass.exe process using…
This C# program finds Windows Defender folder exclusions using Windows Defender through its command-line tool…