2Pack
Rust Based PE & Shellcode Packer
Overview
2Pack is a simple packing tool designed for malware hobbyists. It supports both PE files (EXE/DLL) and raw shellcode. The tool employs multiple layers of protection including AES encryption, XOR obfuscation, and compression before embedding payloads in the .rsrc sections of template loaders.
Please note that all templates were written with no evasion techniques in mind. This project was created solely for educational purposes to learn more about Windows internals. The techniques implemented are very outdated and mainstream, there is 0 chance of making it past any self-respecting AV/EDR :(
I will continue updating the templates as I progress in my maldev journey <3
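From the defender's side, an encrypted and compressed payload stored in `.rsrc` leaves a measurable trace: the section's byte entropy approaches 8 bits per byte. The following is an added example, not code from 2Pack, that parses the PE section table and measures that entropy; `sample_pe`, both sample bodies and the 7.2 threshold are constructed assumptions for illustration.

```rust
// Added example, not 2Pack code: measure the entropy of a PE's .rsrc section.
fn le(b: &[u8], o: usize, n: usize) -> Option<usize> {
    Some(b.get(o..o + n)?.iter().rev().fold(0, |a, &x| (a << 8) | x as usize))
}

/// Shannon entropy in bits per byte (0.0 to 8.0).
fn entropy(data: &[u8]) -> f64 {
    let mut counts = [0usize; 256];
    for &b in data { counts[b as usize] += 1; }
    let n = data.len().max(1) as f64;
    counts.iter().filter(|&&c| c > 0)
        .map(|&c| { let p = c as f64 / n; -p * p.log2() })
        .sum()
}

/// Raw bytes of the section named `.rsrc`; None if malformed, truncated or absent.
fn rsrc_section(pe: &[u8]) -> Option<&[u8]> {
    let nt = le(pe, 0x3c, 4)?;                        // e_lfanew
    if pe.get(..2)? != b"MZ" || pe.get(nt..nt + 4)? != b"PE\0\0" { return None; }
    let table = nt + 24 + le(pe, nt + 20, 2)?;        // skip the optional header
    for i in 0..le(pe, nt + 6, 2)? {                  // NumberOfSections
        let h = table + i * 40;                       // 40-byte section headers
        if pe.get(h..h + 8)? == b".rsrc\0\0\0" {
            let (size, ptr) = (le(pe, h + 16, 4)?, le(pe, h + 20, 4)?);
            return pe.get(ptr..ptr + size);           // SizeOfRawData at PointerToRawData
        }
    }
    None
}
fn rsrc_entropy(pe: &[u8]) -> Option<f64> { rsrc_section(pe).map(entropy) }

/// Constructed sample: minimal PE headers plus one `.rsrc` section holding `body`.
fn sample_pe(body: &[u8]) -> Vec<u8> {
    let mut pe = vec![0u8; 0x200];
    pe[..2].copy_from_slice(b"MZ");
    pe[0x3c] = 0x40;                                  // e_lfanew
    pe[0x40..0x44].copy_from_slice(b"PE\0\0");
    pe[0x46] = 1;                                     // NumberOfSections
    pe[0x58..0x5d].copy_from_slice(b".rsrc");         // SizeOfOptionalHeader is 0
    pe[0x68..0x6c].copy_from_slice(&(body.len() as u32).to_le_bytes());
    pe[0x6d] = 0x02;                                  // PointerToRawData = 0x200
    pe.extend_from_slice(body);
    pe
}

fn main() {
    // Constructed bodies: repetitive text versus a uniform byte spread.
    let packed: Vec<u8> = (0..4096u32).map(|i| (i.wrapping_mul(2654435761) >> 24) as u8).collect();
    for (name, body) in [("plain", b"VS_VERSION_INFO ".repeat(256)), ("packed-like", packed)] {
        let e = rsrc_entropy(&sample_pe(&body)).unwrap();
        println!("{}: {:.2} bits/byte, flag={}", name, e, e > 7.2); // 7.2 is an assumed threshold
    }
}
```

High resource entropy is a triage signal rather than a verdict, since legitimately compressed resources such as PNG icons score high as well.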
Usage:
- Specify the input file using --input or -i
- Specify the file format using --format or -f
- Specify the mode, either local or remote, using --mode or -m
- Specify the targeted process for injection in remote mode using --process or -p
- Specify the template file using -t or --template
Example:
> cargo run --bin tpack -- --input shellcode.bin --format shellcode --mode remote --template stomper --process Calc.exe
Templates:
Stomper : --template stomper
Remote function stomping via memory patching. The template allocates RWX memory in the target process, injects the payload, and overwrites the NtQuerySystemTime entry with jumps to the injected shellcode.