Recomposer - Randomly Changes Win32/64 Pe Files For 'safer' Uploading To Malware And Sandbox Sites

✨ DeeZNuTz

✨ Master ✨
Staff member

Ever have that not so safe feeling uploading your malware binaries to VirusTotal or other AV sites because you can look up binaries by hashes? (Example:
Feel somewhat safer with Recomposer!*

Recomposer will take your binary and randomly do the following:
  • Change the file name
  • Change the section names
  • Change the section flags
  • Injection random number of five different types of nops into each available code cave over 20 bytes in length
By the way, your file will still execute, so upload away!*
Supports win32/64 PE Files!!

Two modes:
  • Manual: Works like a PE Editor, change section names and flags
  • Auto: Randomly changes the binary
Tested by creating 11200 samples from one binary. Results:
  • No hash collisions
  • ssdeep matching percentage to the original file ranged from 94% to 77%
Download Recomposer