This malware simulation creates a named pipe and uses it to temporarily store the additional information gathered by spawning the following processes:
- whoami.exe /all
- ipconfig.exe /all
- netstat.exe -aon
Each piece of information returned is encrypted.
A list of running processes on the system is also gathered and encrypted, obtained by calling CreateToolhelp32Snapshot and walking the snapshot with Process32First and Process32Next.
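The discovery sequence above (a single host process spawning whoami /all, ipconfig /all and netstat -aon in quick succession, after creating a named pipe) is what a defender would want to spot in endpoint telemetry. The following is an added example, not code from the GetInfoInPipe project: it reads constructed Sysmon-style JSON event lines (EventID 1 process creation, EventID 17 pipe creation, with the field names Sysmon uses) and flags any parent process that launches all three commands inside a 60-second window, raising the severity when that same parent also created a pipe. The pipe name \SimPipe, the process ids and the timestamps are made up for the sample.

```python
"""Added example (not part of the GetInfoInPipe project): flag the discovery
pattern described above in Sysmon-style telemetry.

Assumptions (constructed for this example): events are JSON lines carrying
the Sysmon field names EventID, UtcTime, ProcessId, ParentProcessId, Image,
CommandLine and, for EventID 17 (pipe created), PipeName. The pipe name
\\SimPipe, the process ids and the timestamps are made up."""
from __future__ import annotations

import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: one PowerShell host creates a pipe and then
# spawns the three discovery commands within seconds; a separate admin shell
# runs a lone ipconfig five minutes later and must not be flagged.
SAMPLE_LOG = r"""
{"EventID": 17, "UtcTime": "2024-05-01 10:00:00.000", "ProcessId": 4242, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "PipeName": "\\SimPipe"}
{"EventID": 1, "UtcTime": "2024-05-01 10:00:01.000", "ProcessId": 5001, "ParentProcessId": 4242, "Image": "C:\\Windows\\System32\\whoami.exe", "CommandLine": "whoami.exe /all"}
{"EventID": 1, "UtcTime": "2024-05-01 10:00:02.000", "ProcessId": 5002, "ParentProcessId": 4242, "Image": "C:\\Windows\\System32\\ipconfig.exe", "CommandLine": "ipconfig.exe /all"}
{"EventID": 1, "UtcTime": "2024-05-01 10:00:03.000", "ProcessId": 5003, "ParentProcessId": 4242, "Image": "C:\\Windows\\System32\\netstat.exe", "CommandLine": "netstat.exe -aon"}
{"EventID": 1, "UtcTime": "2024-05-01 10:05:00.000", "ProcessId": 7001, "ParentProcessId": 9000, "Image": "C:\\Windows\\System32\\ipconfig.exe", "CommandLine": "ipconfig /all"}
"""

# The three discovery commands the simulation runs: image name and the
# argument that must be present on the command line.
RECON_COMMANDS = {
    "whoami": ("whoami.exe", "/all"),
    "ipconfig": ("ipconfig.exe", "/all"),
    "netstat": ("netstat.exe", "-aon"),
}
WINDOW = timedelta(seconds=60)


def parse_events(log_text: str) -> list[dict]:
    """Parse JSON lines into event dicts, adding a parsed '_time' field."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["_time"] = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")
        events.append(ev)
    return events


def classify(ev: dict) -> str | None:
    """Return the discovery label for a process-create event, else None."""
    if ev.get("EventID") != 1:
        return None
    image = ev.get("Image", "").lower().rsplit("\\", 1)[-1]
    args = ev.get("CommandLine", "").lower().split()
    for label, (exe, flag) in RECON_COMMANDS.items():
        if image == exe and flag in args:
            return label
    return None


def find_recon_chains(events: list[dict]) -> list[dict]:
    """Flag each parent that spawned all three commands within WINDOW."""
    by_parent: dict[int, list] = defaultdict(list)
    pipes_by_pid: dict[int, list[str]] = defaultdict(list)
    for ev in events:
        if ev.get("EventID") == 17:
            pipes_by_pid[ev["ProcessId"]].append(ev["PipeName"])
        label = classify(ev)
        if label:
            by_parent[ev["ParentProcessId"]].append((ev["_time"], label))

    findings = []
    for ppid, items in by_parent.items():
        items.sort()
        # Slide a window over this parent's discovery spawns, oldest first.
        for i, (t0, _) in enumerate(items):
            seen: dict[str, datetime] = {}
            for t, label in items[i:]:
                if t - t0 > WINDOW:
                    break
                seen.setdefault(label, t)
            if set(seen) == set(RECON_COMMANDS):
                pipes = list(pipes_by_pid.get(ppid, []))
                findings.append({
                    "parent_pid": ppid,
                    "first_seen": t0.isoformat(),
                    "last_seen": max(seen.values()).isoformat(),
                    "commands": sorted(seen),
                    "pipes": pipes,
                    # A pipe created by the same parent matches the staging
                    # behaviour described above, so rank it higher.
                    "severity": "high" if pipes else "medium",
                })
                break  # one finding per parent is enough
    return findings


def run_detection(log_text: str = SAMPLE_LOG) -> list[dict]:
    return find_recon_chains(parse_events(log_text))


if __name__ == "__main__":
    for finding in run_detection():
        print(json.dumps(finding, indent=2))
```

Tuning note: the 60-second window and the exact argument match are deliberately strict to keep false positives low on admin workstations where these commands are run by hand; widening the window or matching on image name alone will catch more variants at the cost of noise.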
Research References:
This project is for educational purposes only. It does not contain malicious code but simulates anti-analysis techniques used by real malware. Use responsibly in authorized research environments.
- Implements a named pipe server in PowerShell using embedded C#.
- Uses Windows API calls to interact with system processes.
- Allows interprocess communication through named pipes.
- Provides a client that stores the data as JSON under $env:TEMP\Curupira.json
- Windows operating system
- PowerShell (version 5.1 or later recommended)
- Clone this repository:
git clone https://github.com/neyrian/GetInfoInPipe.git
- Navigate to the directory:
cd GetInfoInPipe
- Run the server:
powershell -ExecutionPolicy Bypass -File GetInfosInPipeServer.ps1
- (optional) Run the client:
powershell -ExecutionPolicy Bypass -File GetInfosInPipeClient.ps1
- Neyrian