Updated exe files processsing for evasion

Author: termanix

nxc/modules/impersonate.py

@@ -6,7 +6,7 @@
 from base64 import b64decode
 from os import path
 import sys
-
+from datetime import datetime
 from nxc.paths import DATA_PATH
 
 
@@ -29,8 +29,15 @@ def options(self, context, module_options):
         self.impersonate = "Impersonate.exe"
         self.useembeded = True
         self.token = self.cmd = ""
+        current_time = datetime.now()
+        time_string = current_time.strftime("%Y%m%d%H%M%S")
+
         with open(path.join(DATA_PATH, ("impersonate_module/impersonate.bs64"))) as impersonate_file:
             self.impersonate_embedded = b64decode(impersonate_file.read())
+        
+        padding = time_string.encode()
+        self.impersonate_embedded = self.impersonate_embedded + padding
+
         if "EXEC" in module_options:
             self.cmd = module_options["EXEC"]
 

nxc/modules/pi.py

@@ -1,7 +1,7 @@
 from base64 import b64decode
 from sys import exit
 from os.path import abspath, join, isfile
-
+from datetime import datetime
 from nxc.paths import DATA_PATH, TMP_PATH
 
 
@@ -25,9 +25,15 @@ def options(self, context, module_options):
         self.pi = "pi.exe"
         self.useembeded = True
         self.pid = self.cmd = ""
+        current_time = datetime.now()
+        time_string = current_time.strftime("%Y%m%d%H%M%S")
+        
         with open(join(DATA_PATH, ("pi_module/pi.bs64"))) as pi_file:
             self.pi_embedded = b64decode(pi_file.read())
 
+        padding = time_string.encode()
+        self.pi_embedded = self.pi_embedded + padding
+        
         if "EXEC" in module_options:
             self.cmd = module_options["EXEC"]