PErfidious is a Python 3 tool that takes a benign PE executable and malicious
shellcode, transforms the shellcode, and injects the transformed shellcode
directly into various parts of the executable's .text section, so there is no
need to look for code caves or to create additional sections. After injection,
PErfidious recalculates the size of the .text section and all the virtual
address changes caused by the growth of the .text section, and updates the
corresponding fields in the PE header, so that the PE file doesn't look
injected.
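As an added example (not part of PErfidious or of this abstract), the Python check below reads the header fields the description says must be recalculated when the .text section grows (section alignments, SizeOfRawData against VirtualSize, SizeOfCode and SizeOfImage) and reports where the section table and optional header disagree. The minimal PE32 header it builds is a constructed sample, and its alignment and size values are assumptions, not values from the tool.

```python
import struct
IMAGE_SCN_CNT_CODE = 0x20                # section characteristics flag: contains code
SEC_ALIGN, FILE_ALIGN = 0x1000, 0x200    # assumed alignments for the constructed sample

def _align(value, alignment):
    # PE alignments are powers of two, so round up with a mask
    return (value + alignment - 1) & ~(alignment - 1)

def build_sample_pe(text_vsize, text_rawsize, size_of_code, size_of_image):
    """Constructed PE32 header skeleton (headers only, not a runnable binary) with one .text section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)        # 1 section, 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                # PE32 magic
    struct.pack_into("<I", opt, 4, size_of_code)                         # SizeOfCode
    struct.pack_into("<II", opt, 32, SEC_ALIGN, FILE_ALIGN)              # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 56, size_of_image)                       # SizeOfImage
    text = b".text\0\0\0" + struct.pack("<IIIIIIHHI", text_vsize, 0x1000, text_rawsize, 0x400,
                                         0, 0, 0, 0, 0x60000020)         # VA 0x1000, raw @0x400, CODE|EXEC|READ
    return dos + b"PE\0\0" + coff + bytes(opt) + text

def check_pe_consistency(data):
    """Return findings where the section table and optional header disagree (empty list = consistent)."""
    findings = []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt = e_lfanew + 24                                                  # optional header follows 20-byte COFF header
    sections = opt + struct.unpack_from("<H", data, e_lfanew + 20)[0]    # SizeOfOptionalHeader
    size_of_code, = struct.unpack_from("<I", data, opt + 4)
    sec_align, file_align = struct.unpack_from("<II", data, opt + 32)
    size_of_image, = struct.unpack_from("<I", data, opt + 56)
    code_total, image_end = 0, 0
    for i in range(nsec):
        off = sections + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        chars, = struct.unpack_from("<I", data, off + 36)
        if vaddr % sec_align or rawptr % file_align or rawsize % file_align:
            findings.append(f"{name}: VirtualAddress/PointerToRawData/SizeOfRawData break the declared alignments")
        if rawsize > _align(vsize, file_align):                          # bytes on disk that are never mapped
            findings.append(f"{name}: SizeOfRawData {rawsize:#x} exceeds aligned VirtualSize {vsize:#x}")
        if chars & IMAGE_SCN_CNT_CODE:
            code_total += rawsize
        image_end = max(image_end, _align(vaddr + vsize, sec_align))
    if code_total != size_of_code:
        findings.append(f"SizeOfCode {size_of_code:#x} != sum of code sections {code_total:#x}")
    if image_end != size_of_image:
        findings.append(f"SizeOfImage {size_of_image:#x} != aligned end of last section {image_end:#x}")
    return findings
```

A header whose sizes were fully recalculated, as the description says PErfidious does, passes these checks, so they only flag careless modification of the .text section. Confirming a consistent file needs other evidence, such as comparison against a known-good hash or signed copy.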
Shreyans is a Cybersecurity Graduate Student at the University of Maryland and has previously worked as a Malware Research Intern at Cybrary Inc. Here he created PErfidious and researched other...