Deldra

Downloads
1.2.0
2015
Stable
Migration planned

Deldra ("Deldra" as derived from "Downloader") generates tiny sized executables that download and execute files from an URL. This way it's easy to disguise the actual file, if required. File size is usually in range from 3.00 to 4.50 KB depending on enabled features.

When building the binary, C# code is generated and compiled so you have a fresh executable without any PE resources spoiling contents. It also lowers detection rates in security software, if signature based detection is an issue. The last screenshot shows the decompiled IL binary - only required code is generated with the stub. Disabling features, will omit their dependencies being compiled, thus reducing file size.

Features

  • Download a file from URL and execute it
  • Obfuscate URL string to be obscure from decompilers
  • Self-destructing executable
  • Compile-time obfuscation of symbol names within the stub file
  • Anti-Sandboxes: Omit execution when a virtual environment is detected
  • Change icon
  • Recommendations for file size based decisions

Screenshots