Skip to content
/ wslink-client Public

WslinkClient is a client intended to communicate with Wslink, which is a unique loader running as a server

License

View license
12 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

eset/wslink-client

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
external
external
 
 
.gitmodules
.gitmodules
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
client.c
client.c
 
 
client.h
client.h
 
 
module.c
module.c
 
 

Repository files navigation

WslinkClient

WslinkClient is a client intended to communicate with Wslink, which is a unique loader running as a server and executing received modules in-memory. It was initially made to experiment with detection methods.

The client might be of interest to beginners in malware analysis - it shows how one can reuse existing functions of analyzed malware and interact with it.

WslinkClient simply establishes connection with Wslink and sends a module which is subsequently executed.

The code reuses a few functions from a non-virtualized unpacked sample, which is available on VirusTotal. SHA-1 of the sample is 840BBD3475B189DBB65F2CD4E6C060FE3E071D97. Note that you must still patch its public key and load it yourself to test it since we do not want to publish a ready-to-use loader.

Compilation

The code was compiled with the supplied Makefile running on Ubuntu 20.04 with Linux 5.4.0. The binaries are included in the GitHub releases section.

About

WslinkClient is a client intended to communicate with Wslink, which is a unique loader running as a server

Topics

reverse-engineering malware-analysis

Resources

Readme

License

View license
Activity
Custom properties

Stars

12 stars

Watchers

12 watching

Forks

0 forks
Report repository

Releases 1

Initial release Latest
Oct 26, 2021

Packages

No packages published

Contributors 2

  •  
  •  

Languages