Documentation
Avaritia

Avaritia

Avaritia is the Windows packer particularly designed to provide efficient security features.

Core Feature

The core feature of this service is to mitigate the anti reverse engineering by encrypting application binaries on the disk.

Regardless of whatever your appolication is built by the .NET, C++, or any other languages, your binary will have the raw machine code in your binary in order to run. Specifically to Windows, the raw machine code is generally placed in the .text section, and the global data in the .data respectively.

Unless explicitly disabled, Avaritia will separate the .text and .data sections as each 4KB block in the binary to prevent the raw machine code from being read. In this packer, the 4KB block is called a chunk.

Once the binary is mapped into the virtual memory Avaritia initializes first. Not long after, Avaritia detects the execution of code chunk(s) and decrypts those on demand and pass the execution back to the operating system so acts as like nothing happened.

flow

See more available option

Side Features

Additional features are provided to enhance the security of the application.

  • Binary Metadata: Emits hidden metadata and fingerprints in the binary.
  • Anti-Debug: Prevents the application from being debugged.
  • Anti-Virtual-Machine: Prevents the application from being run under the virtual machine environment.
  • Anti-Hypervisor: Prevents the application from being run under the specific hypervisor environment.
  • Compatibility: Compatibility conditions to control where the application supposed to run.
  • Remote Code Policy: Controls how dynamic codes are allowed to be executed or disallowed.
  • Software Policy: Controls how the software is allowed to be executed while the application is running.
  • System Trust Policy: Enforces specific conditions of the system trust state to be met before the application is allowed to run.
© 2024-present SECTOR 501 LLC. All rights reserved.
Buildbff736e