<h2 align="center"> EntropyReducer: Reduce The Entropy Of Your Payload And Obfuscate It With Serialized Linked Lists </h2> <br>

Maldev Academy

For more malware development techniques visit maldevacademy.com

How Does It Work

<!-- define entropy + it lower the entropy bcz 0x00 is repeated in an organized/ordered manner -->

The EntropyReducer algorithm is controlled by two values, BUFF_SIZE and NULL_BYTES. The following shows how EntropyReducer would organize your payload if BUFF_SIZE were set to 4 and NULL_BYTES to 2.

image

<br>

Obfuscation Algorithm

<br>

Deobfuscation Algorithm

<br>

Usage

FinalSize = ((OriginalSize + BUFF_SIZE - OriginalSize % BUFF_SIZE ) / BUFF_SIZE) * (BUFF_SIZE + NULL_BYTES + sizeof(INT))
<br>
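
For analysts, the size formula above means an obfuscated file is a whole number of fixed-length records of BUFF_SIZE + NULL_BYTES + sizeof(INT) bytes, so padding that repeats at fixed offsets shows up as always-zero byte columns. The Python below is an added example, not part of the EntropyReducer project: it searches for that record length, then compares whole-buffer entropy with the entropy of what remains once the always-zero offsets are dropped. The function names, the 4-byte INT, and the field order in the constructed sample are assumptions.

```python
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_zero_columns(data: bytes, max_period: int = 64, min_rows: int = 16):
    """Find the record length whose layout has the largest share of
    always-zero byte offsets. Returns (period, zero_offsets) or None."""
    best, best_share = None, 0.0
    for period in range(2, max_period + 1):
        # The size formula makes the file a whole number of records.
        if len(data) % period or len(data) // period < min_rows:
            continue
        zero = [o for o in range(period) if not any(data[o::period])]
        if len(zero) / period > best_share:  # ties keep the shorter period
            best, best_share = (period, zero), len(zero) / period
    return best

def triage(data: bytes) -> dict:
    """Compare whole-buffer entropy with entropy after dropping padding."""
    hit = find_zero_columns(data)
    result = {"entropy": shannon_entropy(data), "period": None,
              "zero_offsets": [], "residual_entropy": None}
    if hit:
        period, zero = hit
        kept = bytes(b for i, b in enumerate(data) if i % period not in zero)
        result.update(period=period, zero_offsets=zero,
                      residual_entropy=shannon_entropy(kept))
    return result

def constructed_sample(nodes: int = 64, buff: int = 4, nulls: int = 2) -> bytes:
    """Constructed test data: random chunk, zero padding, 4-byte counter.
    The field order is an assumption; the detector does not rely on it."""
    rng = random.Random(1)
    return b"".join(bytes(rng.randrange(256) for _ in range(buff))
                    + bytes(nulls) + i.to_bytes(4, "little")
                    for i in range(nodes))

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

A low whole-buffer entropy paired with a high residual entropy at a stable record length is the signal; a low entropy reading alone says nothing about what the buffer contains.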

Include In Your Projects

All you have to do is add the EntropyReducer.c and EntropyReducer.h files to your project and call the Deobfuscate function. You can check PoC/main.c for reference.

<br>

Output Example

In this example, BUFF_SIZE was set to 3, and NULL_BYTES to 1.

image


<br>

Profit

image


<br>

The Merge Sort Algorithm Is Taken From c-linked-list.
