Features

A comprehensive list of EvadeX's features. If you have additional questions about what's listed below, don't hesitate to reach out.

Evasion techniques

Compile-Time API Hashing
Novel Memory Scan Evasion (Caro Kann Execution)
AMSI Patching
ETW Patching
AES-256 Shellcode Encryption
Base32 Shellcode Encoding
Anti-AV Signature Technology
Payload Entropy Reduction
API Hammering
Randomized Polymorphism
Advanced Unlinking of EDR/AV Modules
Anti-debug Capability
Anti-Virtual Machine and Sandbox Capability
Drip Allocation
Private Persistence Mechanism
Private Execution Timing Options
Private Execution Method
Advanced Process Injection

Coming soon

PPID Spoofing

Coming soon

Shellcode Staging

Coming soon

Obfuscation Customizations

File Bloating
Code Signing
Certificate Stealing
Executable Metadata (Icon, Filename, Copyright, etc.)
Binary Creation and Kill Date
Execution Delay

Product Support and Infrastructure

First-Class API Integration
Online Payload Creation (No AV/EDR exclusion needed)
Direct Line of Communication with Dev Team
Custom Payload Support
Large Payload Support
Built-in Payload Library (Execute Cmd, Add User, etc.)
Predefined EDR Evasion Templates

Executable Customizations

Standard Output Packing Formats (zip, 7zip, img)
DLL Function Name
Domain and hostname wildcard constraints
Watermarking
XLL & SFX Output Formats
DLL Proxying
ClickOnce Application Output Format