Mangle
- Thiru T
- Nov 9, 2024
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL).
Mangle can remove strings that are known Indicators of Compromise (IoCs) and replace them with random characters, inflate the file's size to avoid EDRs, and clone code-signing certificates from legitimate files.
In doing so, Mangle helps loaders evade on-disk and in-memory scanners.
Install:
The first step, as always, is to clone the repo. Before you compile Mangle, you'll need to install the dependencies. To install them, run the following commands:
go get github.com/Binject/debug/pe
Then build it:
git clone https://github.com/optiv/Mangle
cd Mangle
go build Mangle.go
Usage:
  -C string
        Path to the file containing the certificate you want to clone
  -I string
        Path to the original file
  -M    Edit the PE file to strip out Go indicators
  -O string
        The new file name
  -S int
        How many MBs to increase the file by

Full usage information can be found here.
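
For defenders, the size inflation described above leaves a measurable artifact: a large, low-entropy overlay after the last PE section. The following Go sketch is an added example, not code from Mangle or from the original post; it assumes the padding is appended after the last section as repetitive filler, and the function names and thresholds (1 MiB, 1 bit per byte) are illustrative.

```go
package main

import (
	"bytes"
	"debug/pe"
	"fmt"
	"math"
)

// lastSectionEnd returns the file offset where the last PE section's raw data ends.
func lastSectionEnd(data []byte) (end int, err error) {
	f, err := pe.NewFile(bytes.NewReader(data))
	if err != nil {
		return 0, err
	}
	for _, s := range f.Sections {
		if e := int(s.Offset) + int(s.Size); e > end {
			end = e
		}
	}
	return end, nil
}

// overlayStats returns the size and Shannon entropy (bits/byte) of data[end:].
func overlayStats(data []byte, end int) (int, float64) {
	if end < 0 || end >= len(data) {
		return 0, 0
	}
	var counts [256]float64
	for _, b := range data[end:] {
		counts[b]++
	}
	n, h := float64(len(data)-end), 0.0
	for _, c := range counts {
		if c > 0 {
			h -= c / n * math.Log2(c/n)
		}
	}
	return len(data) - end, h
}

// looksInflated flags a big, near-constant overlay (assumed thresholds: 1 MiB, 1 bit/byte).
func looksInflated(size int, h float64) bool { return size >= 1<<20 && h < 1.0 }

func main() {
	data := append(bytes.Repeat([]byte{0x90, 0xc3}, 2048), make([]byte, 2<<20)...) // constructed: 4 KiB stand-in image + 2 MiB zeros
	size, h := overlayStats(data, 4096) // for a real file, take the offset from lastSectionEnd(data)
	fmt.Printf("overlay=%d bytes entropy=%.2f inflated=%v\n", size, h, looksInflated(size, h))
}
```

Signed binaries and installers also carry overlay data (the Authenticode blob, compressed archives), but that data is either small or high-entropy, which is why the check combines size with entropy.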



