TinyLoad v5 — encrypted strings, opmap obfuscation, and IAT wiping
TinyLoad v5 has been released, introducing several enhancements for Windows PE packing. The new version focuses on improving the security of the stub that executes the packed executable. Key features include encrypted API strings, opmap obfuscation, and IAT wiping after loading.
- ▪TinyLoad v5 is a PE packer for Windows that compresses and encrypts executables into a self-extracting stub.
- ▪The new version adds encrypted API strings to prevent static analysis tools from easily identifying the APIs used.
- ▪Opmap obfuscation is implemented using a FNV hash to create a unique XOR mask for each packed file, enhancing security.
Opening excerpt (first ~120 words) tap to expand
try { if(localStorage) { let currentUser = localStorage.getItem('current_user'); if (currentUser) { currentUser = JSON.parse(currentUser); if (currentUser.id === 3608549) { document.getElementById('article-show-container').classList.add('current-user-is-article-author'); } } } } catch (e) { console.error(e); } iamsopotatoe Posted on May 19 TinyLoad v5 — encrypted strings, opmap obfuscation, and IAT wiping #cpp #security #windows #lowlevel TinyLoad v5 is out. if you haven't seen the project before — it's a PE packer for Windows. you give it an .exe, it compresses and VM-encrypts it into a self-extracting stub that runs the original entirely in RAM. one .cpp file, no dependencies, MIT. repo here. v4 added opaque predicates, anti-debug, and section scrambling.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).