Amber is a proof of concept packer, it can pack regularly compiled PE files into reflective PE files that can be used as multi stage infection payloads. If you want to learn the packing methodology used inside the Amber check out below.
PS: This is not a complete tool some things may break so take it easy on the issues and feel free to contribute.
Developed By Ege Balcı from INVICTUS/PRODAFT.
INSTALLATION
sudo chmod +x Setup.sh
sudo ./Setup.sh
USAGE
// █████╗ ███╗ ███╗██████╗ ███████╗██████╗
// ██╔══██╗████╗ ████║██╔══██╗██╔════╝██╔══██╗
// ███████║██╔████╔██║██████╔╝█████╗ ██████╔╝
// ██╔══██║██║╚██╔╝██║██╔══██╗██╔══╝ ██╔══██╗
// ██║ ██║██║ ╚═╝ ██║██████╔╝███████╗██║ ██║
// ╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝ ╚══════╝╚═╝ ╚═╝
// POC Reflective PE Packer
# Version: 1.0.0
# Source: github.com/egebalci/Amber
USAGE:
amber file.exe [options]
OPTIONS:
-k, --key [string] Custom cipher key
-ks,--keysize <length> Size of the encryption key in bytes (Max:100/Min:4)
--staged Generated a staged payload
--iat Uses import address table entries instead of hash api
--no-resource Don't add any resource
-v, --verbose Verbose output mode
-h, --help Show this massage
EXAMPLE:
(Default settings if no option parameter passed)
amber file.exe -ks 8
DETECTION
VirusTotal (5/65)
VirusCheckmate (0/36)
NoDistribute (0/36)