AMAZING Windows Defender loader on Linux

I’ve spent a while researching malware detection, and today I found a Windows Defender loader (an old project by Tavis Ormandy for Black Hat USA). Project URL:


Testing.

I. installation

  • Install git to clone the project: sudo apt install git
  • Install the libraries needed to build the project: sudo apt install libc6-dev:i386 gcc-multilib libreadline-dev:i386
  • Install cabextract to unpack the latest engine, which is downloaded from the Microsoft homepage: sudo apt install cabextract

II. Build project

III. Test scanner

  1. Create a Meterpreter payload with msfvenom
    msfvenom -p windows/x64/meterpreter_reverse_tcp lhost=127.0.0.1 lport=8888 -f exe -o meter.exe
  2. Scan the binary
    ./mpclient <path to binary>
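The steps above scan one file per mpclient run. As an added example (it is not part of this post or of Tavis Ormandy's project), the POSIX shell wrapper below walks a folder of samples, runs the scanner on every regular file, and reports each file as DETECTED, CLEAN or ERROR, so a whole sample set can be checked in one go. Two things are assumptions: the default scanner path `./mpclient` (the binary built from the project) and the default detection pattern `Threat`, which is taken to be the text mpclient's scan callback prints when the engine flags a file; since the callback print was edited in this post, pass your own pattern as the third argument if the output line differs.

```shell
# Added example, not code from the loadlibrary project.
# scan_dir DIR [SCANNER] [PATTERN]
#   Scans every regular file under DIR with SCANNER and prints one line per
#   file: "<STATUS><tab><path>" where STATUS is DETECTED, CLEAN or ERROR.
#   SCANNER defaults to ./mpclient and PATTERN to "Threat" (both assumptions;
#   the pattern is the text that marks a detection line in the scanner output).
scan_dir() {
    dir="$1"
    scanner="${2:-./mpclient}"
    pattern="${3:-Threat}"
    find "$dir" -type f -print | sort | while IFS= read -r path; do
        # Capture stdout+stderr and the exit code without tripping set -e.
        out=$("$scanner" "$path" 2>&1) && rc=0 || rc=$?
        if printf '%s\n' "$out" | grep -q -- "$pattern"; then
            printf 'DETECTED\t%s\n' "$path"
        elif [ "$rc" -ne 0 ]; then
            # Scanner crashed or refused the file: report it, do not call it clean.
            printf 'ERROR\t%s\n' "$path"
        else
            printf 'CLEAN\t%s\n' "$path"
        fi
    done
}

# count_detections REPORT
#   Prints the number of DETECTED lines in a report produced by scan_dir.
count_detections() {
    printf '%s\n' "$1" | grep -c '^DETECTED' || true
}

# count_errors REPORT
#   Prints the number of ERROR lines, so silent scanner failures are visible.
count_errors() {
    printf '%s\n' "$1" | grep -c '^ERROR' || true
}

# Usage: sh scan_folder.sh <dir> [scanner] [pattern]
if [ "$#" -gt 0 ]; then
    report=$(scan_dir "$@")
    printf '%s\n' "$report"
    printf 'detections: %s  errors: %s\n' \
        "$(count_detections "$report")" "$(count_errors "$report")"
fi
```

A file is counted as detected only when the pattern appears in the scanner output; a non-zero exit without that line is reported as an ERROR rather than treated as clean, because a sample that makes the engine crash tells you nothing about whether it is malicious.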

Extra test with Mirai samples

IV. Real world?

  1. It should be used for research purposes only. A real-world deployment could be illegal.
  2. Windows Defender sucks, why da fuxx do you test it? No, it isn’t bad anymore.

Edited the callback print and added folder scan support.